Summary
Microsoft SharePoint is under active exploitation of a critical RCE vulnerability (CVE-2026-20963) that allows unauthenticated attackers to take over servers via a deserialization flaw.
Take Action:
Your SharePoint servers are under attack. Ideally, isolate them from the internet and make them accessible only from internal networks. Them apply the January 2026 patch ASAP. If you are still using SharePoint 2013 or older, isolate them and upgrade to a newer version. Those old systems are permanently vulnerable.
Read the full article on BeyondMachines
This article was originally published on BeyondMachines
Top comments (0)