CVE-2026-20963

Опубликовано: 17 мар. 2026

Источник: msrc

CVSS3: 9.8

EPSS Низкий

Описание

Microsoft SharePoint Remote Code Execution Vulnerability

Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code over a network.

FAQ

How could an attacker exploit this vulnerability?

In a network-based attack, an unauthenticated attacker could write arbitrary code to inject and execute code remotely on the SharePoint Server.

Обновления

Продукт	Статья	Обновление
Microsoft SharePoint Enterprise Server 2016	5002828	Security Update
Microsoft SharePoint Server 2019	5002825	Security Update
Microsoft SharePoint Server Subscription Edition	5002822	Security Update

Показывать по

Возможность эксплуатации

Publicly Disclosed

Exploited

Latest Software Release

Exploitation Less Likely

EPSS

Процентиль: 91%

0.07096

Низкий

9.8 Critical

CVSS3

Связанные уязвимости

CVE-2026-20963

CVSS3: 8.8

nvd

2 месяца назад

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

GHSA-5vr8-9cf6-r7px

CVSS3: 8.8

github

2 месяца назад

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

BDU:2026-00638

CVSS3: 8.8

fstec

2 месяца назад

Уязвимость пакетов программ Microsoft SharePoint Server и SharePoint Enterprise Server, связанная с недостатками механизма десериализации, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 91%

0.07096

Низкий

9.8 Critical

CVSS3