DEV Community

CVE Reports
CVE Reports

Posted on • Originally published at cvereports.com

CVE-2026-20963: CVE-2026-20963: Remote Code Execution via Insecure Deserialization in Microsoft SharePoint

#security #cve #cybersecurity

CVE-2026-20963: Remote Code Execution via Insecure Deserialization in Microsoft SharePoint

Vulnerability ID: CVE-2026-20963
CVSS Score: 8.8
Published: 2026-01-13

CVE-2026-20963 is a critical remote code execution (RCE) vulnerability in Microsoft SharePoint Server, caused by the unsafe deserialization of untrusted data (CWE-502). An authenticated attacker with standard user privileges can exploit this flaw to execute arbitrary code in the context of the SharePoint service.

TL;DR

Authenticated RCE in SharePoint Server via insecure deserialization. Actively exploited and listed in CISA KEV. Requires immediate patching.

⚠️ Exploit Status: ACTIVE

Technical Details

  • CWE ID: CWE-502
  • Attack Vector: Network
  • CVSS Base Score: 8.8
  • EPSS Score: 0.01629
  • Exploit Status: Active Exploitation
  • KEV Status: Listed

Affected Systems

  • Microsoft SharePoint Enterprise Server 2016
  • Microsoft SharePoint Server 2019
  • Microsoft SharePoint Server Subscription Edition
  • Microsoft SharePoint Enterprise Server 2016: 16.0.0 <= x < 16.0.5535.1001 (Fixed in: 16.0.5535.1001)
  • Microsoft SharePoint Server 2019: 16.0.0 <= x < 16.0.10417.20083 (Fixed in: 16.0.10417.20083)
  • Microsoft SharePoint Server Subscription Edition: 16.0.0 <= x < 16.0.19127.20442 (Fixed in: 16.0.19127.20442)

Mitigation Strategies

  • Apply official Microsoft security updates (KB5002828, KB5002825) immediately.
  • Enforce the principle of least privilege for SharePoint service accounts.
  • Isolate SharePoint servers using network segmentation.
  • Deploy WAF rules to detect and block .NET deserialization patterns in POST requests.

Remediation Steps:

  1. Identify all Microsoft SharePoint Server instances in the environment.
  2. Determine the specific version and edition of each SharePoint deployment.
  3. Download the corresponding security update from the Microsoft Security Response Center.
  4. Apply the patch during a scheduled maintenance window.
  5. Verify the patch installation by checking the software build version numbers.

References

Read the full report for CVE-2026-20963 on our website for more details including interactive diagrams and full exploit analysis.

Top comments (0)