CVE-2026-32201
Microsoft SharePoint Server Improper Input Validation Vulnerability - [Actively Exploited]
Description
Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.
INFO
Published Date: April 14, 2026, 6:17 p.m.
Last Modified: April 14, 2026, 7:37 p.m.
Remotely Exploit: No
Source: [email protected]
CISA KEV (Known Exploited Vulnerabilities)
For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild.
Microsoft SharePoint Server contains an improper input validation vulnerability that allows an unauthorized attacker to perform spoofing over a network.
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Unknown
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-32201 ; https://nvd.nist.gov/vuln/detail/CVE-2026-32201
Affected Products
The following products are affected by the CVE-2026-32201 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.
CVSS Scores
| Score | Version | Severity | Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|---|
| | CVSS 3.1 | MEDIUM | | | | f38d906d-7342-40ea-92c1-6c4a2c6478c8 |
| | CVSS 3.1 | MEDIUM | | | | [email protected] |
Public PoC/Exploit Available at Github
CVE-2026-32201 has 5 public PoCs/exploits available on GitHub.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2026-32201.
| URL | Resource |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32201 | Vendor Advisory |
| https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-32201 | US Government Resource |
CWE - Common Weakness Enumeration
While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2026-32201 is associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2026-32201 weaknesses.
We scan GitHub repositories to detect new proof-of-concept exploits. The following list is a collection of public exploits and proofs of concept that have been published on GitHub (sorted by the most recently updated).
Cybersecurity Vulnerability Report: May 2026
A spoofing vulnerability exists in Microsoft SharePoint Server due to improper input validation. An unauthenticated attacker can send a specially crafted HTTP request to inject malicious JavaScript (reflected XSS), which executes in the security context of the SharePoint site.
Python
Just some cybersecurity news
CVE POC repo automatic collector
Python
📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.
security cve exploit poc vulnerability
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that has mentioned the CVE-2026-32201 vulnerability anywhere in the article.
- europa.eu: Cyber Brief 26-05 - April 2026
  Cyber Brief (April 2026) May 4, 2026 – Version: 1 TLP:CLEAR Executive summary We analysed 366 open source reports for this Cyber Brief. Relating to cyber policy and law enforcement, the Council of the Eur ...
- CybersecurityNews: 1,370+ Microsoft SharePoint Servers Vulnerable to Spoofing Attacks Exposed Online
  A critical spoofing vulnerability in Microsoft SharePoint Server, tracked as CVE-2026-32201, remains unpatched on over 1,370 internet-facing IP addresses worldwide, according to fresh scanning data fr ...
- Daily CyberSecurity: Critical 9.8 Webex Flaw Lets Attackers Impersonate Any User
  In the modern enterprise, the Single Sign-On (SSO) portal is the master key to a company’s digital life. However, a recently disclosed critical vulnerability in Cisco Webex Services has revealed how a ...
- Daily CyberSecurity: Chrome 147 Update: Google Patches Critical $90,000 ANGLE Flaw and 30 Other Security Gaps
  Google has begun rolling out a high-stakes update for the Chrome stable channel, addressing a total of 31 security vulnerabilities, including five rated as Critical. The release, version 147.0.7727.10 ...
- Daily CyberSecurity: Root Access via Admin: The 9.9 RCE Crisis Threatening Cisco ISE Networks
  Cisco has issued an urgent security advisory following the discovery of high-stakes vulnerabilities in its Identity Services Engine (ISE) and Passive Identity Connector (ISE-PIC) platforms. The most s ...
- Daily CyberSecurity: IoT Under Fire: Critical CVSS 10 Expression Injection Hits OpenRemote Platform
  Security researchers have sounded a major alarm for the internet-of-things (IoT) sector as OpenRemote, a popular 100% open-source management platform, disclosed a maximum-severity vulnerability. The f ...
- Daily CyberSecurity: No Patch Available: The CVSS 10 Flaw Turning AVideo into an Attacker’s Playground
  AVideo, a versatile video streaming platform popular among content creators and businesses for hosting and monetizing content, is facing a security crisis. A critical vulnerability has been uncovered ...
- The Hacker News: April Patch Tuesday Fixes Critical Flaws Across SAP, Adobe, Microsoft, Fortinet, and More
  A number of critical vulnerabilities impacting products from Adobe, Fortinet, Microsoft, and SAP have taken center stage in April's Patch Tuesday releases. Topping the list is an SQL injection vulnera ...
- Daily CyberSecurity: High-Severity Authentication Bypass Discovered in MinIO Storage
  A significant security vulnerability has been identified in MinIO, the high-performance, S3-compatible object storage solution widely used for AI/ML and data-intensive workloads. The flaw, categorized ...
- The Register: Ancient Excel bug comes out of retirement for active attacks
  While Microsoft was rolling out its bumper Patch Tuesday updates this week, US cybersecurity agency CISA was readying an alert about a 17-year-old critical Excel flaw now under exploit. CISA confirmed ...
- security.nl: Microsoft patches actively attacked spoofing flaw in SharePoint Server
  During April's Patch Tuesday, Microsoft patched an actively attacked spoofing flaw in SharePoint Server. The vulnerability (CVE-2026-32201) makes it possible for an unauthenticated att ...
- CrowdStrike.com: April 2026 Patch Tuesday: Two Zero-Days and Eight Critical Vulnerabilities Among 164 CVEs
  Microsoft has addressed 164 vulnerabilities in its April 2026 security update release, double the number of vulnerabilities in March 2026. These include one exploited zero-day vulnerability, one previ ...
- The Cyber Express: Microsoft Fixes 167 Vulnerabilities in Latest Patch Tuesday Update
  Microsoft’s Patch Tuesday April 2026 release has introduced one of the most extensive security update rollouts of the year, addressing a total of 167 vulnerabilities across Windows operating systems a ...
- Daily CyberSecurity: Adobe Rushes Patches for Critical ColdFusion RCE and Security Bypasses
  Adobe has released an urgent set of security updates to address multiple vulnerabilities within its ColdFusion 2025 and 2023 versions. The patches resolve a range of critical and moderate security gap ...
- Daily CyberSecurity: Critical 9.1 Flaws Hit Fortinet FortiSandbox
  Fortinet has issued an urgent advisory regarding two critical vulnerabilities in its FortiSandbox platform—vulnerabilities that could allow unauthenticated attackers to bypass security entirely and se ...
- Daily CyberSecurity: Active SharePoint Spoofing and Legacy Office RCE: CISA Alerts on New KEV Exploits
  The Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities (KEV) Catalog, sounding a fresh warning about two high-risk security flaws currently being ...
- CybersecurityNews: Microsoft SharePoint Server 0-Day Vulnerability Actively Exploited in Attacks
  A critical zero-day spoofing vulnerability in Microsoft SharePoint Server is being actively exploited in the wild, Microsoft confirmed on April 14, 2026, as part of its monthly security update cycle. ...
- Daily CyberSecurity: 25 Million Users at Risk: Fastify Publicly Discloses PoC Exploit for Single-Space Security Bypass
  In the world of web performance, Fastify is a heavyweight, boasting over 25 million monthly downloads and a reputation for being one of the fastest frameworks available. However, a newly disclosed vul ...
- Daily CyberSecurity: Urgent Patch Alert: SharePoint Spoofing Under Active Attack as Microsoft Releases April 2026 Updates
  Microsoft’s April 2026 Patch Tuesday has arrived with a massive security payload, addressing a staggering 163 vulnerabilities, including eight rated as critical. While the volume alone is significant, ...
- TheCyberThrone: Microsoft Patch Tuesday — April 2026
  TheCyberThrone | Vulnerability Advisory | April 15, 2026 Volume & Scale — A Near-Record Release Microsoft patched 163 CVEs in the April 2026 Patch Tuesday release — the second largest Patch Tuesday on r ...
The following table lists the changes that have been made to the CVE-2026-32201 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
- Initial Analysis by [email protected], Apr. 14, 2026

| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | CPE Configuration | | OR `*cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*` `*cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*` `*cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*` versions up to (excluding) 16.0.19725.20210 |
| Added | Reference Type | | Microsoft Corporation: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32201 Types: Vendor Advisory |
| Added | Reference Type | | CISA-ADP: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-32201 Types: US Government Resource |

- CVE CISA KEV Update by 9119a7d8-5eab-497f-8521-727c672e3725, Apr. 14, 2026

| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Date Added | | 2026-04-14 |
| Added | Due Date | | 2026-04-28 |
| Added | Required Action | | Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. |
| Added | Vulnerability Name | | Microsoft SharePoint Server Improper Input Validation Vulnerability |

- New CVE Received by [email protected], Apr. 14, 2026

| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Description | | Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network. |
| Added | CVSS V3.1 | | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
| Added | CWE | | CWE-20 |
| Added | Reference | | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32201 |

- CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0, Apr. 14, 2026

| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Reference | | https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-32201 |