Critical Microsoft SharePoint Vulnerability Exploited in Real-World Attacks – Patch Now
Critical Vulnerability in Microsoft SharePoint Exploited in Real-World Attacks
A critical vulnerability in Microsoft SharePoint has been exploited in real-world attacks, according to a warning from the Cybersecurity and Infrastructure Security Agency (CISA).
Vulnerability Details
The flaw, identified as CVE-2026-20963, affects SharePoint Enterprise Server 2016, SharePoint Server 2019, and SharePoint Server Subscription Edition.
This security issue allows attackers without privileges to execute arbitrary code remotely on unpatched servers, leveraging a deserialization of untrusted data weakness.
Attack Vector
In a network-based attack, an unauthenticated attacker can inject and execute code on the SharePoint Server, Microsoft explained when it patched the vulnerability in January.
CISA Warning and Mitigation
CISA has strongly urged all network defenders to patch their devices against exploitation of CVE-2026-20963 as soon as possible.
CISA emphasized that applying mitigations per vendor instructions, following applicable guidance for cloud services, or discontinuing use of the product if mitigations are unavailable is crucial.
Related Development
In a related development, CISA also ordered federal agencies to patch a stored cross-site scripting (XSS) weakness in the Zimbra Collaboration Suite (ZCS) that is being exploited in the wild.
About Author
English