CISA Adds SharePoint CVE-2026-20963 to KEV Catalog: Active Exploitation

CISA added CVE-2026-20963, a Microsoft SharePoint deserialization-of-untrusted-data issue, to the KEV Catalog on March 18, 2026, citing evidence of active exploitation. CISA’s alert says the KEV Catalog is a living list of actively exploited CVEs and urges organizations to prioritize remediation.
NVD describes CVE-2026-20963 as “Deserialization of untrusted data in Microsoft Office SharePoint” that can let an authorized attacker execute code over a network, and lists Microsoft’s advisory as the vendor reference. The NVD entry also shows affected SharePoint Server versions including SharePoint Server 2016, 2019, and Subscription Edition.

Source: CISA, “CISA Adds One Known Exploited Vulnerability to Catalog”
 
