CVE-2026-20963

unknown KEV

Published 2026-03-18 · Modified 2026-03-18

CVSS v3

—

CVSS v2

—

VIR risk

1.5

Description

Microsoft SharePoint contains a deserialization of untrusted data vulnerability that allows an unauthorized attacker to execute code over a network.

CISA KEV

Vendor: Microsoft
Product: SharePoint
Due date: 2026-03-21

Predictions

Exploit likelihood

99%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cisa-kev — https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20963 ; https://nvd.nist.gov/vuln/detail/CVE-2026-20963

Mitigation details

Source: Microsoft Security Response Center · View original ↗ · proprietary-no-redistribution

Full prose not cached — VIR stores only structured fields (affected/fixed versions, references) for this source. Click "View original" above for the vendor's full advisory.

Affected

Vendor	Product	Version
microsoft	Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
microsoft	Windows Server 2008 R2 for x64-based Systems Service Pack 1
microsoft	Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
microsoft	Windows Server 2012
microsoft	Windows Server 2012 (Server Core installation)
microsoft	Windows Server 2012 R2
microsoft	Windows Server 2012 R2 (Server Core installation)
microsoft	Microsoft Excel 2016 (32-bit edition)
microsoft	Microsoft Excel 2016 (64-bit edition)
microsoft	Microsoft Word 2016 (32-bit edition)
microsoft	Microsoft Word 2016 (64-bit edition)
microsoft	Microsoft Office 2016 (32-bit edition)
microsoft	Microsoft Office 2016 (64-bit edition)
microsoft	Windows Server 2016
microsoft	Office Online Server
microsoft	Windows 10 Version 1607 for 32-bit Systems
microsoft	Windows 10 Version 1607 for x64-based Systems
microsoft	Windows Server 2016 (Server Core installation)
microsoft	Microsoft SharePoint Enterprise Server 2016
microsoft	Windows 10 Version 1809 for 32-bit Systems
microsoft	Windows 10 Version 1809 for x64-based Systems
microsoft	Windows Server 2019
microsoft	Windows Server 2019 (Server Core installation)
microsoft	Microsoft Office 2019 for 32-bit editions
microsoft	Microsoft Office 2019 for 64-bit editions
microsoft	Microsoft SharePoint Server 2019
microsoft	Microsoft Edge (Chromium-based)
microsoft	Microsoft 365 Apps for Enterprise for 32-bit Systems
microsoft	Microsoft 365 Apps for Enterprise for 64-bit Systems
microsoft	Windows Server 2022

Exploits

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20963 ; https://nvd.nist.gov/vuln/detail/CVE-2026-20963

Verify integrity in audit chain (admin only). AS-IS.