9.8
CVE-2026-20963
- EPSS 31.11%
- Veröffentlicht 13.01.2026 17:56:49
- Zuletzt bearbeitet 01.04.2026 16:01:22
- Quelle secure@microsoft.com
- CVE-Watchlists
- Unerledigt
Microsoft SharePoint Remote Code Execution Vulnerability
Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code over a network.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Microsoft ≫ Sharepoint Server SwEditionsubscription Version < 16.0.19127.20442
Microsoft ≫ Sharepoint Server Version2016 SwEditionenterprise
Microsoft ≫ Sharepoint Server Version2019
VulnDex Vulnerability Enrichment
18.03.2026: CISA Known Exploited Vulnerabilities (KEV) Catalog
Microsoft SharePoint Deserialization of Untrusted Data Vulnerability
SchwachstelleMicrosoft SharePoint contains a deserialization of untrusted data vulnerability that allows an unauthorized attacker to execute code over a network.
BeschreibungApply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Erforderliche Maßnahmen| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 31.11% | 0.98 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| secure@microsoft.com | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-502 Deserialization of Untrusted Data
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20963
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20963