Microsoft SharePoint actively exploited unauthenticated RCE (CVE-2026-20963)
Vulnerability
Summary
Hide ▲
Show ▼
CVE-2026-20963 is now being exploited in attacks against Microsoft SharePoint deployments, creating unauthenticated remote code execution risk for unpatched servers. The flaw affects SharePoint Enterprise Server 2016, SharePoint Server 2019, and SharePoint Server Subscription Edition. CISA added it to its actively exploited catalog and set a March 21 deadline for federal agencies to secure exposed systems. Microsoft says the weakness was patched in its January 2026 Patch Tuesday update and stems from a deserialization of untrusted data issue.
Related Happenings
Microsoft Exchange CVE-2026-42897 mitigation advisory
Advisory/Mitigation
First: 15.05.2026 12:40
Last: 15.05.2026 12:40
Sources 1
About this happening:
**Microsoft** issued immediate mitigation guidance for **CVE-2026-42897**, reducing risk for **Exchange Server 2016, 2019, and Subscription Edition (SE)** on-premises servers that...
Microsoft Exchange CVE-2026-42897 mitigation advisory
Advisory/MitigationAbout this happening: **Microsoft** issued immediate mitigation guidance for **CVE-2026-42897**, reducing risk for **Exchange Server 2016, 2019, and Subscription Edition (SE)** on-premises servers that...
Latest development: 15.05.2026 15:35
Microsoft issued temporary mitigation guidance for CVE-2026-42897 while a patch is still in development, recommending the Exchange Emergency Mitigation (EM) Service, which is enabled by default and can be checked with the Exchange Health Checker script, or the Exchange On-premises Mitigation Tool (EOMT) for disconnected or air-gapped environments. Microsoft noted that the mitigations can disrupt features such as OWA Print Calendar and Inline images, and that servers older than March 2023 cannot receive new mitigations through EM Service.
Pwn2Own Berlin 2026 multi-product zero-days privilege-escalation flaw
Vulnerability
First: 14.05.2026 21:53
Last: 14.05.2026 21:53
Sources 1
About this happening:
**Pwn2Own Berlin 2026** opened with **24 unique zero-days** demonstrated against **fully patched products**, creating immediate exposure across browser, OS, virtualization, enterp...
Pwn2Own Berlin 2026 multi-product zero-days privilege-escalation flaw
VulnerabilityAbout this happening: **Pwn2Own Berlin 2026** opened with **24 unique zero-days** demonstrated against **fully patched products**, creating immediate exposure across browser, OS, virtualization, enterp...
CISA adds ScreenConnect and Windows flaws to KEV
Public Sector Action
First: 29.04.2026 11:46
Last: 29.04.2026 11:46
Sources 1
About this happening:
CISA added **CVE-2024-1708** and **CVE-2026-32202** to the **KEV catalog**, elevating the flaws to a **federal remediation priority** because they are being **actively exploited**...
CISA adds ScreenConnect and Windows flaws to KEV
Public Sector ActionAbout this happening: CISA added **CVE-2024-1708** and **CVE-2026-32202** to the **KEV catalog**, elevating the flaws to a **federal remediation priority** because they are being **actively exploited**...
Windows RPC PhantomRPC local privilege escalation flaw
Vulnerability
First: 28.04.2026 14:31
Last: 28.04.2026 14:31
Sources 1
About this happening:
**PhantomRPC** in **Windows RPC** can let a local attacker elevate to **System** across **all Windows versions**, creating a high-impact privilege-escalation path. The flaw abuses...
Windows RPC PhantomRPC local privilege escalation flaw
VulnerabilityAbout this happening: **PhantomRPC** in **Windows RPC** can let a local attacker elevate to **System** across **all Windows versions**, creating a high-impact privilege-escalation path. The flaw abuses...
Microsoft Windows April 2026 protections for malicious .rdp files
Security Tool/Service
First: 15.04.2026 01:23
Last: 15.04.2026 01:23
Sources 1
About this happening:
**Microsoft** shipped **April 2026 cumulative updates** for **Windows 10** and **Windows 11** that add warnings and disable risky shared resources by default when users open **.rd...
Microsoft Windows April 2026 protections for malicious .rdp files
Security Tool/ServiceAbout this happening: **Microsoft** shipped **April 2026 cumulative updates** for **Windows 10** and **Windows 11** that add warnings and disable risky shared resources by default when users open **.rd...
Timeline
-
19.03.2026 12:06 2 articles · 2mo ago
CISA warns CVE-2026-20963 is being exploited in Microsoft SharePoint
Initial DisclosureCISA warned that CVE-2026-20963 is being exploited in Microsoft SharePoint after Microsoft patched the flaw in January 2026 Patch Tuesday; the vulnerability affects SharePoint Enterprise Server 2016, SharePoint Server 2019, and SharePoint Server Subscription Edition, and low-complexity network attacks can let an unauthenticated attacker achieve remote code execution on unpatched servers through a deserialization of untrusted data weakness. CISA added the flaw to its actively exploited vulnerabilities catalog and directed Federal Civilian Executive Branch agencies to secure their servers by Saturday, March 21.
Show sources
- Critical Microsoft SharePoint flaw now exploited in attacks — www.bleepingcomputer.com — 19.03.2026 12:06
- Critical Microsoft SharePoint flaw now exploited in attacks — www.bleepingcomputer.com — 19.03.2026 12:06