CVE-2026-20963 affecting SharePoint Server

4:19pm, 24 March 2026

TLP Rating: Clear

A critical vulnerability in Microsoft SharePoint is under active exploitation. 

A deserialization of untrusted data vulnerability could allow an unauthorised attacker to execute code over a network. 

The NCSC encourages organisations in New Zealand that use affected versions of the product to review the vendor advisory and apply the remediation as soon as possible.

What's happening

Systems affected

This vulnerability affects the following products:

  • Microsoft SharePoint Enterprise Server 2016 versions 16.0.0 before 16.0.5535.1001.
  • Microsoft SharePoint Server 2019 versions 16.0.0 before 16.0.10417.20083.
  • Microsoft SharePoint Server Subscription Edition versions 16.0.0 before 16.0.19127.20442.
  • End-of-life versions of SharePoint may also be affected, and these should be upgraded to patched versions.
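To check an inventory of SharePoint servers against the build thresholds listed above, the following added example (not part of the original alert or of any vendor tooling) classifies each host. The CSV layout, host names and sample builds are assumptions constructed for illustration; only the three patched build numbers come from this alert.

```python
import csv
import io
import re

# First patched build per product, copied from the "Systems affected" list.
FIXED_BUILDS = {
    "Microsoft SharePoint Enterprise Server 2016": (16, 0, 5535, 1001),
    "Microsoft SharePoint Server 2019": (16, 0, 10417, 20083),
    "Microsoft SharePoint Server Subscription Edition": (16, 0, 19127, 20442),
}

def parse_build(text):
    """Return '16.0.5535.1001' as a tuple of ints, or None if malformed."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+){3}", text, re.ASCII):
        return None
    return tuple(int(part) for part in text.split("."))

def classify(product, build_text):
    """PATCHED, VULNERABLE, or REVIEW when the row cannot be decided."""
    fixed = FIXED_BUILDS.get(product.strip())
    build = parse_build(build_text)
    if fixed is None or build is None:
        # Unlisted (possibly end-of-life) product or unreadable build number.
        return "REVIEW"
    # Compare field by field as integers: as text, "999" sorts after "1001".
    return "PATCHED" if build >= fixed else "VULNERABLE"

def triage(inventory_csv):
    """Return (host, status) pairs, most urgent first."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    results = [(r["host"], classify(r["product"], r["build"])) for r in rows]
    urgency = {"VULNERABLE": 0, "REVIEW": 1, "PATCHED": 2}
    return sorted(results, key=lambda item: (urgency[item[1]], item[0]))

# Constructed inventory: host names and builds are made up for illustration.
SAMPLE_INVENTORY = """host,product,build
sp-a,Microsoft SharePoint Enterprise Server 2016,16.0.5535.1001
sp-b,Microsoft SharePoint Enterprise Server 2016,16.0.5535.999
sp-c,Microsoft SharePoint Server 2019,16.0.10417.20083
sp-d,Microsoft SharePoint Server Subscription Edition,16.0.19127.20441
sp-e,Microsoft SharePoint Server 2013,15.0.5000.1000
sp-f,Microsoft SharePoint Server 2019,unknown
"""

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY):
        print(f"{status:<10} {host}")
```

Hosts reported as REVIEW are either products not named in the list (possibly end-of-life) or rows with an unreadable build, and need a manual check.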

What to do

Prevention

To prevent exploitation, update affected products to a patched version. If remediation or mitigation action cannot be undertaken immediately, then we recommend isolating SharePoint from the internet.

More information

Read more about this alert on the vendor website:

CVE-2026-20963 - Microsoft SharePoint Remote Code Execution Vulnerability

If you require more information or further support, submit a report on our website: Report an incident

If you need assistance using the tool, call us on 0800 114 115. Calling us is free within New Zealand. We’re open 7am to 7pm, Monday to Friday, and we’re closed on public holidays.