The U.S. Cybersecurity and Infrastructure Security Agency has flagged a critical Microsoft SharePoint vulnerability (CVE-2026-20963) as actively exploited in the wild, adding it to its official catalog of known vulnerabilities that require urgent patching by federal agencies. The deserialization flaw is a common attack vector used by malicious actors and poses substantial risk to federal networks and broader organizational infrastructure.