【Vulnerability Alert】Two Critical Security Vulnerabilities Have Been Identified in Microsoft SharePoint Server (CVE-2026-20947) (CVE-2026-20963)
Publish date: 2026-01-26
Update date: 2026-01-26
Source: Ministry of education information & communication security contingency platform
| Publication Number | TACERT-ANA-2026011501012424 | Publication Time | 2026/01/15 13:38 |
| Incident Type | ANA-Vulnerability Alert | Discovery Time | 2026/01/15 13:38 |
| Impact Level | Low | | |

[Subject] 【Vulnerability Alert】Two Critical Security Vulnerabilities Have Been Identified in Microsoft SharePoint Server (CVE-2026-20947) (CVE-2026-20963)

[Content] Forwarded from TWCERTCC-200-202601-00000011

Microsoft SharePoint Server is an enterprise-level collaboration platform that provides document management and team collaboration capabilities and serves as a core platform for enterprise information integration. Microsoft recently released a critical security advisory covering two vulnerabilities (CVE-2026-20947, CVSS: 8.8, and CVE-2026-20963, CVSS: 8.8).

- CVE-2026-20947 is an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL commands over the network.
- CVE-2026-20963 is a deserialization of untrusted data vulnerability that allows authenticated attackers to execute arbitrary code over the network.

Information Sharing Level: WHITE (information content can be publicly disclosed)

[Affected Platform]

- Microsoft SharePoint Server 2019
- Microsoft SharePoint Enterprise Server 2016

[Recommended Actions]

- 【CVE-2026-20947】 https://msrc.microsoft.com/update-guide/zh-tw/vulnerability/CVE-2026-20947
- 【CVE-2026-20963】 https://msrc.microsoft.com/update-guide/zh-tw/vulnerability/CVE-2026-20963

[Reference] https://www.twcert.org.tw/tw/cp-169-10633-136b6-1.html

(This notification is for informational purposes only and does not constitute a cybersecurity incident).
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw
Organizer:
Computer Center





