CVE-2026-20963, a remote code execution (RCE) SharePoint vulnerability Microsoft fixed in January 2026, is being exploited by attackers. The confirmation comes from the US Cybersecurity and Infrastructure Security Agency (CISA), which added the flaw to its Known Exploited Vulnerabilities (KEV) catalog on Wednesday. About CVE-2026-20963 CVE-2026-20963 affects Microsoft SharePoint Server Subscription Edition, Microsoft SharePoint Server 2019, and Microsoft SharePoint Enterprise Server 2016. It is caused by deserialization of untrusted data and may allow an unauthorized … More →
The post CISA warns of active exploitation of Microsoft SharePoint vulnerability (CVE-2026-20963) appeared first on Help Net Security.
http://news.poseidon-us.com/TRZqf5
