Hackers actively exploit SharePoint flaw to run code on servers

Hackers exploit SharePoint flaw CVE-2026-20963 to run code remotely on unpatched on-premises servers (2016, 2019, Subscription Edition). CVSS 8.8 score. Patches available; verify builds in Central Admin against fixed versions to block attacks.