9.8
CVE-2026-20963
- EPSS 5.29%
- Veröffentlicht 13.01.2026 17:56:49
- Zuletzt bearbeitet 01.04.2026 16:01:22
- Quelle secure@microsoft.com
- CVE-Watchlists
- Unerledigt
Microsoft SharePoint Remote Code Execution Vulnerability
Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code over a network.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Microsoft ≫ Sharepoint Server SwEditionsubscription Version < 16.0.19127.20442
Microsoft ≫ Sharepoint Server Version2016 SwEditionenterprise
Microsoft ≫ Sharepoint Server Version2019
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login18.03.2026: CISA Known Exploited Vulnerabilities (KEV) Catalog
Microsoft SharePoint Deserialization of Untrusted Data Vulnerability
SchwachstelleMicrosoft SharePoint contains a deserialization of untrusted data vulnerability that allows an unauthorized attacker to execute code over a network.
BeschreibungApply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Erforderliche Maßnahmen| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 5.29% | 0.901 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| secure@microsoft.com | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-502 Deserialization of Untrusted Data
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.