CVE-2026-20963

CRITICAL KEV

Microsoft Office SharePoint - Code Injection

Exploitation Summary

CVE-2026-20963 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added March 18, 2026. EIP tracks 1 public exploit from researchers including jenniferreire26.

AI-analyzed exploit summary: The repository lacks actual exploit code and instead directs users to an external download link (tinyurl.com), which is a common tactic for distributing malware or monetizing fake exploits. The README provides minimal technical details about the vulnerability.

Description

Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code over a network.

Exploits (1)

nomisec SUSPICIOUS
by jenniferreire26 · poc
https://github.com/jenniferreire26/CVE-2026-20963

Classification: Suspicious 95%
Attack Type: Deserialization
Complexity: Theoretical
Reliability: Theoretical
Target: Microsoft Office SharePoint (versions before 16.0.19127.20442, 2016, 2019)
Auth required
Prerequisites: network access to vulnerable SharePoint instance · authenticated session
devstral-2 · analyzed Apr 09, 2026

Scores

CVSS v3 9.8
EPSS 0.0807
EPSS Percentile 92.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation active
Automatable yes
Technical Impact total

Details

CISA KEV 2026-03-18
VulnCheck KEV 2026-03-18
ENISA EUVD EUVD-2026-2114
CWE CWE-502
Status published
Products (6)
Microsoft/Microsoft SharePoint Enterprise Server 2016 16.0.0 - 16.0.5535.1001
Microsoft/Microsoft SharePoint Server 2019 16.0.0 - 16.0.10417.20083
Microsoft/Microsoft SharePoint Server Subscription Edition 16.0.0 - 16.0.19127.20442
microsoft/sharepoint_server 2016
microsoft/sharepoint_server 2019
microsoft/sharepoint_server < 16.0.19127.20442
Published Jan 13, 2026
KEV Added Mar 18, 2026
Tracked Since Feb 18, 2026