CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2026-20963

criticalknown exploitedcovered by 2 sourcesfirst seen 2026-03-18
Actively exploited. CVE-2026-20963 is listed in the CISA Known Exploited Vulnerabilities catalog (added 2026-03-18) — exploitation has been observed in the wild, and US federal agencies are required to remediate it under BOD 22-01. Treat patching as urgent.
On 17 March 2026, Microsoft updated one of its January 2026 security advisories related to a remote code execution vulnerability in Microsoft SharePoint. Specifically, Microsoft raised the CVSS score and changed the FAQ section to indicate that the vulnerability could be exploited by an unauthenticated attacker. This vulnerability was added in the CISA's Known Exploited Vulnerabilities (KEV) catalogue on 18 March 2026. Additionally, three further RCE flaws affecting Microsoft SharePoint were addressed in the March 2026 release. CERT-EU strongly recommends updating SharePoint servers as soon as possible, prioritising internet-facing assets. CERT-EU also encourages IT administrators to take necessary remediation actions.

CSIRTS triage

What
A remote code execution vulnerability can be exploited by unauthenticated attackers.
Who is affected
Deployments of Microsoft SharePoint are affected, especially internet-facing assets.
Urgency
Remediation is critical due to the high CVSS score and active exploitation.
Action
Update SharePoint servers as soon as possible.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch CVE-2026-20963

Get an email if CVE-2026-20963 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.

Exploitation outlook

Advisory coverage (2)

External references

NVD record for CVE-2026-20963

CVE.org record

CISA KEV catalog

Embed the live status

CVE-2026-20963 live status badge — this badge updates automatically when the KEV or exploit status changes. How to embed it →

[![CVE-2026-20963 status](https://www.csirts.com/badge/CVE-2026-20963)](https://www.csirts.com/cve/CVE-2026-20963)