Microsoft SharePoint actively exploited unauthenticated RCE (CVE-2026-20963)
Vulnerability
Summary
Hide ▲
Show ▼
CVE-2026-20963 is now being exploited in attacks against Microsoft SharePoint deployments, creating unauthenticated remote code execution risk for unpatched servers. The flaw affects SharePoint Enterprise Server 2016, SharePoint Server 2019, and SharePoint Server Subscription Edition. CISA added it to its actively exploited catalog and set a March 21 deadline for federal agencies to secure exposed systems. Microsoft says the weakness was patched in its January 2026 Patch Tuesday update and stems from a deserialization of untrusted data issue.
Related Happenings
CCB urgent patch warning for CVE-2026-41089 on Windows servers
Public Sector Action
H score48
First: 01.06.2026 15:30
Last: 01.06.2026 15:30
Sources 1
About this happening:
Belgium's **CCB** warned that **CVE-2026-41089** is being **actively exploited in the wild**, urging admins to **immediately patch** vulnerable **Windows servers** because the fla...
CCB urgent patch warning for CVE-2026-41089 on Windows servers
Public Sector ActionAbout this happening: Belgium's **CCB** warned that **CVE-2026-41089** is being **actively exploited in the wild**, urging admins to **immediately patch** vulnerable **Windows servers** because the fla...
Microsoft Exchange CVE-2026-42897 mitigation advisory
Advisory/Mitigation
H score44
First: 15.05.2026 12:40
Last: 15.05.2026 12:40
Sources 1
About this happening:
**Microsoft** issued immediate mitigation guidance for **CVE-2026-42897**, reducing risk for **Exchange Server 2016, 2019, and Subscription Edition (SE)** on-premises servers that...
Microsoft Exchange CVE-2026-42897 mitigation advisory
Advisory/MitigationAbout this happening: **Microsoft** issued immediate mitigation guidance for **CVE-2026-42897**, reducing risk for **Exchange Server 2016, 2019, and Subscription Edition (SE)** on-premises servers that...
Latest development: 15.05.2026 15:35
Microsoft issued temporary mitigation guidance for CVE-2026-42897 while a patch is still in development, recommending the Exchange Emergency Mitigation (EM) Service, which is enabled by default and can be checked with the Exchange Health Checker script, or the Exchange On-premises Mitigation Tool (EOMT) for disconnected or air-gapped environments. Microsoft noted that the mitigations can disrupt features such as OWA Print Calendar and Inline images, and that servers older than March 2023 cannot receive new mitigations through EM Service.
Pwn2Own Berlin 2026 multi-product zero-days privilege-escalation flaw
Vulnerability
H score40
First: 14.05.2026 21:53
Last: 14.05.2026 21:53
Sources 1
About this happening:
**Pwn2Own Berlin 2026** opened with **24 unique zero-days** demonstrated against **fully patched products**, creating immediate exposure across browser, OS, virtualization, enterp...
Pwn2Own Berlin 2026 multi-product zero-days privilege-escalation flaw
VulnerabilityAbout this happening: **Pwn2Own Berlin 2026** opened with **24 unique zero-days** demonstrated against **fully patched products**, creating immediate exposure across browser, OS, virtualization, enterp...
CISA adds ScreenConnect and Windows flaws to KEV
Public Sector Action
H score35
First: 29.04.2026 11:46
Last: 29.04.2026 11:46
Sources 1
About this happening:
CISA added **CVE-2024-1708** and **CVE-2026-32202** to the **KEV catalog**, elevating the flaws to a **federal remediation priority** because they are being **actively exploited**...
CISA adds ScreenConnect and Windows flaws to KEV
Public Sector ActionAbout this happening: CISA added **CVE-2024-1708** and **CVE-2026-32202** to the **KEV catalog**, elevating the flaws to a **federal remediation priority** because they are being **actively exploited**...
Windows RPC PhantomRPC local privilege escalation flaw
Vulnerability
H score19
First: 28.04.2026 14:31
Last: 28.04.2026 14:31
Sources 1
About this happening:
**PhantomRPC** in **Windows RPC** can let a local attacker elevate to **System** across **all Windows versions**, creating a high-impact privilege-escalation path. The flaw abuses...
Windows RPC PhantomRPC local privilege escalation flaw
VulnerabilityAbout this happening: **PhantomRPC** in **Windows RPC** can let a local attacker elevate to **System** across **all Windows versions**, creating a high-impact privilege-escalation path. The flaw abuses...
Timeline
-
19.03.2026 12:06 2 articles · 3mo ago
CISA warns CVE-2026-20963 is being exploited in Microsoft SharePoint
Initial DisclosureCISA warned that CVE-2026-20963 is being exploited in Microsoft SharePoint after Microsoft patched the flaw in January 2026 Patch Tuesday; the vulnerability affects SharePoint Enterprise Server 2016, SharePoint Server 2019, and SharePoint Server Subscription Edition, and low-complexity network attacks can let an unauthenticated attacker achieve remote code execution on unpatched servers through a deserialization of untrusted data weakness. CISA added the flaw to its actively exploited vulnerabilities catalog and directed Federal Civilian Executive Branch agencies to secure their servers by Saturday, March 21.
Show sources
- Critical Microsoft SharePoint flaw now exploited in attacks — www.bleepingcomputer.com — 19.03.2026 12:06
- Critical Microsoft SharePoint flaw now exploited in attacks — www.bleepingcomputer.com — 19.03.2026 12:06