CVE-2026-20963: Microsoft SharePoint Deserialization of Untrusted Data Vulnerability

Microsoft SharePoint contains a deserialization of untrusted data vulnerability that allows an unauthorized attacker to execute code over a network. This vulnerability is actively exploited in the wild according to CISA. Vendor: Microsoft. Product: SharePoint. Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.. Due Date: 2026-03-21.