[VULNERABILITY ALERT] Microsoft SharePoint Server Contains 2 Critical Security Vulnerabilities (CVE-2026-20947)(CVE-2026-20963)

• Subject: [VULNERABILITY ALERT] Microsoft SharePoint Server Contains 2 Critical Security Vulnerabilities (CVE-2026-20947)(CVE-2026-20963)

• Content Description:
  • Forwarded from Taiwan Computer Emergency Response Team/Coordination Center Security Alert TWCERTCC-200-202601-00000011
  • Microsoft SharePoint Server is an enterprise-grade collaboration platform providing document management and team collaboration features, and is a core platform for enterprise information integration.
  • Recently, Microsoft released critical security advisories (CVE-2026-20947, CVSS: 8.8 and CVE-2026-20963, CVSS: 8.8). CVE-2026-20947 is a SQL Injection vulnerability that allows an authorized attacker to execute arbitrary SQL commands via the network; CVE-2026-20963 is a Deserialization of Untrusted Data vulnerability that allows an authorized attacker to execute arbitrary code via the network.
• Affected Platforms:
  • Microsoft SharePoint Server Subscription Edition
  • Microsoft SharePoint Server 2019
  • Microsoft SharePoint Enterprise Server 2016
• Recommended Actions:
  • Please apply patches according to the solutions released on the official website:
  • [CVE-2026-20947] https://msrc.microsoft.com/update-guide/zh-tw/vulnerability/CVE-2026-20947
  • [CVE-2026-20963] https://msrc.microsoft.com/update-guide/zh-tw/vulnerability/CVE-2026-20963
• Reference Material:
  1. https://www.twcert.org.tw/tw/cp-169-10633-136b6-1.html

Computer and Communication Center
Network Systems Division, Respectfully