CP
cyberpings
VulnerabilitiesCRITICAL

Critical Vulnerability - Microsoft SharePoint Server Alert

CCCanadian Cyber Centre Alerts
CVE-2026-20963Microsoft SharePointCyber Centrevulnerabilityexploitation
🎯

Basically, a serious flaw in SharePoint could let hackers take control remotely.

Quick Summary

A critical vulnerability has been found in Microsoft SharePoint Server, allowing remote code execution. Organizations must upgrade to fixed versions immediately to protect their data. The Cyber Centre is urging swift action to mitigate risks associated with this flaw.

The Flaw

A critical vulnerability, tracked as CVE-2026-20963, has been identified in Microsoft SharePoint Server. This flaw involves Deserialization of Untrusted Data (CWE-502) and affects multiple versions of the software. The Canadian Centre for Cyber Security has reported that this vulnerability is currently being exploited by attackers, allowing them to execute code remotely without authentication. The urgency of this situation cannot be overstated, as organizations using affected versions are at significant risk.

The vulnerability was first acknowledged in a Microsoft security advisory released on January 13, 2026, and has since been updated with further details. As of March 18, 2026, it was added to the CISA's Known Exploited Vulnerabilities catalog, highlighting its critical nature and the need for immediate action.

What's at Risk

Organizations running vulnerable versions of Microsoft SharePoint Server are at high risk of unauthorized access and potential data breaches. The affected products include:

  • Microsoft SharePoint Enterprise Server 2016: Versions before 16.0.5535.1001
  • Microsoft SharePoint Server 2019: Versions before 16.0.10417.20083
  • Microsoft SharePoint Server Subscription Edition: Versions before 16.0.19127.20442

Legacy versions, which are no longer supported, are also impacted and should be decommissioned or upgraded. The potential for widespread exploitation makes this vulnerability particularly dangerous for organizations that rely on SharePoint for collaboration and document management.

Patch Status

Organizations are strongly urged to upgrade their SharePoint instances to the fixed versions as soon as possible. The Cyber Centre has outlined the following recommended actions:

  • Identify all on-premises SharePoint Server instances, especially those exposed to the internet.
  • Upgrade to the supported versions of Microsoft SharePoint Server.
  • Apply the latest security updates from Microsoft promptly.

These steps are crucial to mitigate the risk posed by this vulnerability and to protect sensitive information from unauthorized access.

Immediate Actions

To safeguard against potential exploitation, organizations should implement the Cyber Centre's Top 10 IT Security Actions. Key focus areas include:

  • Patching: Regularly update operating systems and applications to close security gaps.
  • Hardening: Strengthen the security posture of operating systems and applications.
  • Isolation: Ensure that web-facing applications are isolated from internal networks.

If any suspicious activity related to this vulnerability is detected, organizations should report it through the Cyber Centre's My Cyber Portal or contact them directly via email. Taking these proactive measures is essential to maintaining cybersecurity integrity in the face of this critical threat.

🔒 Pro insight: Immediate patching is essential; failure to act could result in widespread exploitation of CVE-2026-20963.

Original article from

Canadian Cyber Centre Alerts

Read Full Article

Share

Related Pings

HIGHVulnerabilities

Vulnerabilities Dispute - Cryptographers Clash Over RustSec

A dispute has erupted among cryptographers over critical vulnerabilities in Rust libraries. Nadim Kobeissi's claims face backlash, highlighting challenges in open source security. This situation raises serious concerns about how vulnerabilities are managed and communicated in the community.

The Register Security·
HIGHVulnerabilities

Trivy Scanner Compromised - Ongoing Supply Chain Attack Alert

Aqua Security's Trivy scanner has been compromised in a supply chain attack. Developers are urged to rotate their secrets immediately. The risk of data breaches is significant, given the tool's popularity. Stay alert and follow recommended security measures.

Ars Technica Security·
CRITICALVulnerabilities

Oracle Fusion Middleware - Critical RCE Flaw Exposed

A critical RCE flaw in Oracle's Fusion Middleware has been discovered, allowing attackers to execute code without authentication. This puts many organizations at risk, especially those exposing their services online. Immediate patching is essential to mitigate potential attacks.

Dark Reading·
CRITICALVulnerabilities

Vulnerabilities - Oracle Issues Emergency Patch for RCE Flaw

Oracle has issued an emergency patch for a critical RCE vulnerability in its Identity Manager. This flaw allows attackers to execute code remotely without authentication. Immediate action is necessary to safeguard systems from potential exploitation.

BleepingComputer·
HIGHVulnerabilities

Apple Vulnerabilities - Security Advisory Update Released

Apple has issued a security advisory for critical vulnerabilities across multiple products. Users of Safari, iOS, and macOS need to update immediately to protect their devices. Ignoring these updates could lead to serious security risks. Stay secure by applying the latest patches.

Canadian Cyber Centre Alerts·
HIGHVulnerabilities

Apple Security Advisory - Critical Vulnerabilities Updated

Apple has issued critical updates for its devices to fix serious vulnerabilities. Users of iOS, macOS, and watchOS are urged to update immediately. Failure to do so could lead to unauthorized access and data breaches. Stay safe by keeping your software up to date.

Canadian Cyber Centre Alerts·