CVE-2026-20963 SharePoint RCE

Question

May I check any update with this issue: https://nvd.nist.gov/vuln/detail/CVE-2026-20963

I want to get this handled immediately so we aren’t left wide open while attackers are actively scanning for unpatched farms.

Tech info: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20963

Where can I obtain the definitive security update packages and official patch documentation to remediation

Answer 1

Hi @Deval Katherina 

Thank you for raising this concern. We understand the urgency, especially given reports of increased scanning activity related to CVE‑2026‑20963. 

For SharePoint Server 2019, Microsoft has released a security update that addresses CVE‑2026‑20963 as part of the January 13, 2026 security update (KB5002825). This update is available through Microsoft Update, the Microsoft Update Catalog, and the Microsoft Download Center. 

The Microsoft Security Response Center (MSRC) remains the authoritative source for patch availability and remediation guidance. While CVE‑2026‑20963 has been addressed for SharePoint Server 2019, it may also affect other products or SharePoint versions, which require their respective security updates as published by Microsoft.  

Please note that this is a user-to-user support forum. Moderators, contributors including external Microsoft employees cannot directly intervene in Microsoft product features or access back-end systems.  Our role here is limited to sharing technical guidance based on publicly available resources and experience.  

Thank you for your patience and understanding. 

---

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.