KEV · Actively exploited

CVE-2026-20963

HIGH 9.8 KEV Published on 2026-01-13

Microsoft SharePoint Remote Code Execution Vulnerability

EPSS 5.29% above median percentile 90.2%

CISA Known Exploited Vulnerability

Added to KEV: 2026-03-18
Remediation deadline: 2026-03-21
Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Ransomware: No