Actively Exploited Microsoft SharePoint Deserialization of Untrusted Data Vulnerability

CVE‑2026‑20963 is a deserialization of untrusted data vulnerability in Microsoft SharePoint. The flaw enables an attacker to execute arbitrary code over a network[1].

Introduction to Malware Binary Triage (IMBT) Course

Looking to level up your skills? Get 10% off using coupon code: MWNEWS10 for any flavor.

Enroll Now and Save 10%: Coupon Code MWNEWS10

Note: Affiliate link – your enrollment helps support this platform at no extra cost to you.

Ongoing exploitation of this vulnerability has been observed, although no threat actor attribution has been made public as of yet and it appears to not be any public information about the attacks exploiting the vulnerability right now.

CVE

CVE‑2026‑20963

Affected Products

• Microsoft SharePoint Server Subscription Edition prior to version 16.0.19127.20442 [3]
• Microsoft SharePoint Enterprise Server 2016 prior to version 16.0.10417.20083 [3]
• Microsoft SharePoint Server 2019 prior to version 16.0.5535.1001 [3]

Exploitation

CVE‑2026‑20963 has been added to the Known Exploited Vulnerabilities (KEV) catalog[2].

Recommended Actions

While Microsoft’s advisory updates are pending exploitation acknowledgement, Truesec strongly recommends patching systems running vulnerable SharePoint Server versions.

References

[1] https://ift.tt/pu7QlrB
[2] https://ift.tt/OiwmL5A
[3] https://ift.tt/zudoIJF

The post Actively Exploited Microsoft SharePoint Deserialization of Untrusted Data Vulnerability appeared first on Truesec.

Article Link: CVE‑2026‑20963 – Actively Exploited Microsoft SharePoint Deserialization of Untrusted Data Vulnerability - Truesec

1 post - 1 participant

Read full topic

Malware Analysis, News and Indicators - Latest topics