Skip to main content

Microsoft CVE-2026-20963

CRITICAL
Deserialization of Untrusted Data (CWE-502)
2026-01-13 secure@microsoft.com
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
ENISA EUVD
HIGH
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Added to CISA KEV
Apr 01, 2026 - 16:01 cisa
CISA KEV
PoC Detected
Apr 01, 2026 - 16:01 vuln.today
Public exploit code
Analysis Generated
Mar 12, 2026 - 21:54 vuln.today
CVE Published
Jan 13, 2026 - 18:16 nvd
CRITICAL 9.8

DescriptionCVE.org

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

AnalysisAI

Microsoft Office SharePoint contains a deserialization vulnerability (CVE-2026-20963) that allows authenticated users to execute arbitrary code over the network through crafted serialized objects. KEV-listed with public PoC, this CVSS 8.8 vulnerability enables any SharePoint user to escalate to server-level code execution, making it a critical threat for organizations relying on SharePoint for document management and collaboration.

Technical ContextAI

The vulnerability exists in SharePoint's processing of user-supplied serialized .NET objects. An authenticated attacker can craft malicious serialized data using known .NET deserialization gadget chains (e.g., TypeConfuseDelegate, ObjectDataProvider) that execute arbitrary commands when deserialized by the SharePoint server. The low privilege requirement (any authenticated SharePoint user) combined with remote network access makes this highly exploitable in enterprise environments.

RemediationAI

Apply Microsoft security update immediately. KEV-listed — remediate per CISA deadlines. Review SharePoint service account permissions (principle of least privilege). Monitor SharePoint logs for suspicious serialized data submissions. Consider network segmentation for SharePoint servers.

Share

CVE-2026-20963 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy