Skip to content
July 3, 2026
  • AI & Copilot
  • Azure Cloud
  • How To Guides
  • Microsoft 365 Office
  • Windows
  • XBOX
  • Privacy Policy

Microsoft News Now

The Home of Microsoft News Today

Primary Menu
  • AI & Copilot
  • Azure Cloud
  • How To Guides
  • Microsoft 365 Office
  • Windows
  • XBOX
  • Privacy Policy
Light/Dark Button
Subscribe

Home - News - CISA Adds Microsoft SharePoint CVE-2026-20963 to Known Exploited Catalog

  • News
  • Microsoft 365/Office

CISA Adds Microsoft SharePoint CVE-2026-20963 to Known Exploited Catalog

CISA added Microsoft SharePoint CVE-2026-20963 to its exploited list, and federal agencies must patch it by March 21.
Dave W. Shanahan 4 months ago (Last updated: 4 months ago) 2 minutes read
image (73)

CISA has added Microsoft SharePoint CVE-2026-20963 to its Known Exploited Vulnerabilities catalog, signaling that the flaw is being actively abused in the wild. Federal civilian agencies are required to address it by March 21, 2026, under the agency’s remediation deadline.

What happened

CISA Adds Microsoft SharePoint CVE-2026-20963 to Known Exploited Catalog

CVE-2026-20963 is a Microsoft SharePoint remote code execution issue tied to deserialization of untrusted data. Microsoft’s January security update materials list the flaw as affecting SharePoint Server Subscription Edition, SharePoint Server 2019, and SharePoint Enterprise Server 2016, and the CVSS score shown in Microsoft’s update data is 8.8.

At the time Microsoft first patched the bug, it was not classified as actively exploited, but that assessment has now changed after CISA’s inclusion in the KEV catalog. CISA’s KEV list is used to track vulnerabilities that are known to be exploited and to drive faster remediation across federal systems.

Why Microsoft SharePoint CVE-2026-20963 matters

For IT teams, the main concern is that SharePoint often sits in the center of document sharing, workflows, and internal collaboration, so a server compromise can expose sensitive files and create a path deeper into the network. The fact that CISA has moved this flaw into the KEV catalog means defenders should treat it as urgent, not routine patch hygiene.

The vulnerability is especially important because Microsoft’s advisory data describes a network-based attack path, and reporting on the issue says no user interaction is required once an attacker reaches a vulnerable SharePoint server. That combination makes exposed SharePoint instances a high-priority target for threat actors.

What admins should do

Organizations running on-premises SharePoint should verify whether they are using any affected version and confirm that Microsoft’s January 2026 security updates are installed. If patching has already been done, teams should still review logs, recent administrative changes, and unusual authentication or web request activity around the SharePoint server.

Security teams should also check for internet-facing SharePoint deployments, since externally reachable servers are the most likely to be targeted first. For federal environments, the deadline is March 21, 2026, but private-sector teams should treat that date as a strong signal to move immediately.

Recent Posts You Might Like

  • Microsoft Reveals MAI-Image-2 to Push Its AI Image Tools Into the Top Three
  • Xbox Free Play Days: Sea of Thieves, Hell Let Loose, Trailmakers, and 2 More Games Go Free This Weekend
  • New Xbox Insider Update Gets Big Home Screen Upgrade, Custom Colors, and Quick Resume Controls

About The Author

CVE-2026-20963

Dave W. Shanahan

I’m Dave W. Shanahan, a Microsoft enthusiast with a passion for Windows, Xbox, Microsoft 365 Copilot, Azure, and more. I started MSFTNewsNow.com to keep the world updated on Microsoft news. Based in Massachusetts, you can email me at davewshanahan@gmail.com.

See author's posts

Like this:

LikeLoading…

Related


Discover more from Microsoft News Now

Subscribe to get the latest posts sent to your email.

Tags: AuthenticationEnterpriseFree Play DaysMicrosoftSecuritySharePointXBOX

Post navigation

Previous: Microsoft Reveals MAI-Image-2 to Push Its AI Image Tools Into the Top Three
Next: 30+ New Games Coming Next Week on Xbox March 23 to 27, Including Life Is Strange: Reunion, Absolum, and Mega Man Star Force Legacy Collection

Related Stories

Next Week on XBOX: Ultimate Assassin’s Creed Black Flag Resynced, College Football 27, Palworld 1.0, and More for an Exciting Week July 6–10
  • News
  • XBOX and Gaming

Next Week on XBOX: Ultimate Assassin’s Creed Black Flag Resynced, College Football 27, Palworld 1.0, and More for an Exciting Week July 6–10

Dave W. Shanahan 5 hours ago 0
XBOX Free Play Days: Call of Duty Black Ops 7, Diablo IV, Ikonei Island, and More Go Free This Week
  • News
  • XBOX and Gaming

XBOX Free Play Days: Call of Duty Black Ops 7, Diablo IV, Ikonei Island, and More Go Free This Week

Dave W. Shanahan 1 day ago 0
Microsoft Frontier Company: Microsoft's $2.5B Bet On Trusted Enterprise AI Transformation
  • News
  • Enterprise

Microsoft Frontier Company: Microsoft’s Big $2.5B Bet On Trusted Enterprise AI Transformation

Dave W. Shanahan 2 days ago 0

AccessibilityAmazonAndroidAuthenticationAzureCall of DutyCopilotCybersecurityDeveloperEnterpriseFree Play DaysGamingGenerative AIGitHubGoogleLinkedinMicrosoftMicrosoft 365Microsoft 365 CopilotMicrosoft CopilotMicrosoft EdgeMicrosoft StoreMicrosoft TeamsNext Week on XBOXOpenAIOutlookPatch TuesdayPrivacySecuritySettingsSharePointSurfaceTwitterWindowsWindows 10Windows 11Windows InsiderXBOXXBOX Game PassXBOX Game Pass UltimateXBOX OneXBOX Play AnywhereXBOX Series XXBOX Series X|SXBOX Wire

Useful Links

  • AI and Copilot (249)
  • Azure & Cloud (35)
  • Developers (3)
  • Enterprise (4)
  • How To Guides (99)
  • Microsoft 365/Office (97)
  • Microsoft Announcements (97)
  • News (1,272)
  • Security (78)
  • Surface (47)
  • Windows (168)
  • XBOX and Gaming (418)

You May Have Missed

Next Week on XBOX: Ultimate Assassin’s Creed Black Flag Resynced, College Football 27, Palworld 1.0, and More for an Exciting Week July 6–10
  • News
  • XBOX and Gaming

Next Week on XBOX: Ultimate Assassin’s Creed Black Flag Resynced, College Football 27, Palworld 1.0, and More for an Exciting Week July 6–10

Dave W. Shanahan 5 hours ago 0
XBOX Free Play Days: Call of Duty Black Ops 7, Diablo IV, Ikonei Island, and More Go Free This Week
  • News
  • XBOX and Gaming

XBOX Free Play Days: Call of Duty Black Ops 7, Diablo IV, Ikonei Island, and More Go Free This Week

Dave W. Shanahan 1 day ago 0
Microsoft Frontier Company: Microsoft's $2.5B Bet On Trusted Enterprise AI Transformation
  • News
  • Enterprise

Microsoft Frontier Company: Microsoft’s Big $2.5B Bet On Trusted Enterprise AI Transformation

Dave W. Shanahan 2 days ago 0
Microsoft Teams Rolls Out Smarter Bot Protection To Keep Unwanted AI Out Of Your Meetings
  • News
  • Microsoft 365/Office

Smarter Microsoft Teams Bot Protection Rolls Out To Keep Unwanted AI Out Of Your Meetings

Dave W. Shanahan 2 days ago 0
  • AI & Copilot
  • Azure Cloud
  • How To Guides
  • Microsoft 365 Office
  • Windows
  • XBOX
  • Privacy Policy
Copyright © 2026 All rights reserved. ReviewNews by AF themes.

    %d