CISA Warns of Critical SharePoint and Zimbra Vulnerability Exploits

  • Mar 19

Key Findings


  • CISA added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog

  • Vulnerabilities affect Microsoft SharePoint and Zimbra Collaboration Suite

  • Federal agencies required to patch these vulnerabilities by specific deadlines

  • One vulnerability allows remote code execution, the other enables cross-site scripting


Background


The U.S. Cybersecurity and Infrastructure Security Agency (CISA) continues its proactive approach to identifying and addressing critical software vulnerabilities. By maintaining the Known Exploited Vulnerabilities catalog, CISA helps federal agencies and private organizations prioritize patch management and reduce potential cybersecurity risks.


Vulnerability Details: SharePoint Flaw


CVE-2026-20963 is a critical Microsoft SharePoint vulnerability with a CVSS score of 8.8. The flaw is a deserialization of untrusted data that allows an unauthenticated attacker to execute code remotely over the network. Federal civilian executive branch (FCEB) agencies must patch this vulnerability by March 21, 2026.


Vulnerability Details: Zimbra Flaw


CVE-2025-66376 is a stored cross-site scripting (XSS) vulnerability in the Classic UI of Zimbra Collaboration Suite. Attackers can potentially abuse CSS @import directives in the HTML body of an email to execute malicious scripts in the recipient's session. The vulnerability has a CVSS score of 7.2, and FCEB agencies must address it by April 1, 2026.
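As an added example (not from CISA, Zimbra or the original post), a defender-side check for the vector described above: it parses an HTML mail body and reports every CSS @import found in <style> blocks or inline style attributes, after stripping CSS comments and decoding hex escapes that can disguise the at-rule. The sample message and the `evil.example` URLs are constructed.

```python
import re
from html.parser import HTMLParser

# Comments and hex escapes can disguise an at-rule ("@im\70ort" is "@import"); strip both first.
_CSS_COMMENT = re.compile(r"/\*.*?\*/", re.S)
_CSS_HEX_ESCAPE = re.compile(r"\\([0-9a-fA-F]{1,6})[ \t\n]?")
_CSS_IMPORT = re.compile(r"@import\s+(?:url\(\s*)?['\"]?([^'\")\s;]*)", re.I)

def find_css_imports(css):
    """Return the target of every @import in a CSS fragment (after normalization)."""
    css = _CSS_COMMENT.sub("", css)
    css = _CSS_HEX_ESCAPE.sub(lambda m: chr(min(int(m.group(1), 16), 0x10FFFF)), css)
    return [m.group(1) for m in _CSS_IMPORT.finditer(css)]

class CssImportAuditor(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []        # (location, import target) pairs
        self._style_buf = None    # list while inside <style>, else None

    def handle_starttag(self, tag, attrs):
        if tag == "style":
            self._style_buf = []
        for name, value in attrs:
            if name == "style" and value:
                self.findings += [(f"<{tag} style>", t) for t in find_css_imports(value)]

    def handle_data(self, data):
        if self._style_buf is not None:
            self._style_buf.append(data)  # <style> content arrives as raw CDATA

    def handle_endtag(self, tag):
        if tag == "style" and self._style_buf is not None:
            css, self._style_buf = "".join(self._style_buf), None
            self.findings += [("<style>", t) for t in find_css_imports(css)]

def audit_email_html(html):
    """Parse an HTML mail body and return every @import found with its location."""
    auditor = CssImportAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings

# Constructed sample: an escaped @import in <style> and one hidden behind a CSS comment in a style attribute.
SAMPLE_EMAIL_HTML = """<html><head><style>
@im\\70ort url("https://evil.example/payload.css");
</style></head><body>
<p style="color: #333">Quarterly report attached.</p>
<div style="/* x */ @import 'https://evil.example/second.css'">hello</div>
</body></html>"""
```

The benign `<p style="color: #333">` is left untouched, so a finding list that is non-empty is a signal to quarantine or rewrite the message rather than a blanket rejection of inline styling.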


Mitigation Recommendations


  • Immediately review and apply vendor-provided patches

  • Prioritize vulnerabilities based on CISA's specified deadlines

  • Implement robust patch management processes

  • Conduct thorough vulnerability assessments

  • Monitor for potential exploit attempts


Potential Impact


These vulnerabilities could enable threat actors to:


  • Execute unauthorized code on SharePoint servers

  • Steal credentials and session tokens

  • Conduct cross-site scripting attacks

  • Potentially compromise entire network infrastructures


Sources


  • https://securityaffairs.com/189628/security/u-s-cisa-adds-microsoft-sharepoint-and-zimbra-flaws-to-its-known-exploited-vulnerabilities-catalog.html

  • https://thehackernews.com/2026/03/cisa-warns-of-zimbra-sharepoint-flaw.html

  • https://x.com/shah_sheikh/status/2034384536549638362

  • https://www.socdefenders.ai/item/106eff88-a332-49df-b702-ea82a70b0369

  • https://x.com/hackplayers/status/2034388146364756149

© 2025 by Explain IT Again.