A new cybersecurity alert from Cybersecurity and Infrastructure Security Agency has raised serious concerns about two widely used enterprise platforms: Zimbra Collaboration Suite and Microsoft SharePoint. According to a report published by The Hacker News, both systems contain vulnerabilities that are now being actively exploited by cyber attackers.
Critical Vulnerabilities Identified
The warning focuses on two specific security flaws that have been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog, a list of threats that are already being used in real-world attacks.
-
CVE-2026-20963 (SharePoint)
This is a high-severity vulnerability that allows attackers to execute malicious code remotely over a network. It stems from a weakness known as “deserialization of untrusted data,” which can let hackers take control of a system without needing authentication. -
CVE-2025-66376 (Zimbra)
This flaw is a stored cross-site scripting (XSS) vulnerability found in Zimbra’s Classic web interface. Attackers can exploit it by sending specially crafted HTML emails containing hidden malicious code. When the victim opens the email, the code executes within their browser.
Both vulnerabilities have already been patched, but the main concern is that many systems remain unupdated and therefore exposed.
Active Exploitation in the Wild
CISA’s warning is especially serious because these vulnerabilities are not just theoretical—they are being actively exploited by attackers. This means hackers are already using these weaknesses to compromise systems, making them a top priority for organizations to address.
Although details about who is behind the attacks or how widespread they are remain unclear, the inclusion in the KEV catalog signals a high level of risk. Security experts consider this catalog a critical “must-fix” list for both government agencies and private organizations.
Urgent Deadlines for Patching
To reduce the risk, CISA has issued strict deadlines for applying security updates:
-
SharePoint vulnerability: patch by March 23, 2026
-
Zimbra vulnerability: patch by April 1, 2026
These deadlines primarily apply to U.S. federal agencies, but cybersecurity professionals strongly recommend that all organizations follow the same timeline.
Broader Cybersecurity Threat Landscape
The warning comes at a time when attackers are increasingly targeting widely used enterprise software to maximize impact. Platforms like SharePoint and Zimbra are deeply integrated into business operations, meaning a successful attack can lead to:
In many cases, attackers use these vulnerabilities as an entry point before launching larger attacks, such as ransomware campaigns.
The same report also highlights a separate but related concern: a critical zero-day vulnerability in Cisco firewall management software has been exploited in ransomware attacks, showing how quickly threat actors weaponize newly discovered flaws.
Why This Matters
This incident highlights a key trend in modern cybersecurity: attackers are moving faster than ever. Vulnerabilities are often exploited shortly after discovery—or even before they are publicly disclosed.
It also reinforces the importance of patch management. Even when fixes are available, delays in applying updates can leave systems exposed to serious threats.
Conclusion
The latest alert from CISA serves as a clear warning to organizations worldwide. Actively exploited vulnerabilities in widely used platforms like Zimbra and SharePoint present a serious and immediate risk.
As cyber threats continue to evolve, timely updates, strong security practices, and constant vigilance are essential. In today’s environment, failing to patch known vulnerabilities is no longer just a technical oversight—it can become a critical security failure with far-reaching consequences.