CVE-2026-20963: Microsoft SharePoint Deserialization of Untrusted Data

Microsoft SharePoint Deserialization of Untrusted Data Vulnerability. Microsoft SharePoint contains a deserialization of untrusted data vulnerability that allows an unauthorized attacker to execute code over a network.

• CISA KEV-listed (remediation due 2026-03-21)
• EPSS 5.3% (90.2% percentile)

Browse the CVE database

Read the full analysis on IntelFusions