Microsoft SharePoint Server contains an improper input validation vulnerability (CVE-2026-32201) that lets an unauthenticated attacker perform spoofing over the network, and CISA added it to the Known Exploited Vulnerabilities catalog on 2026-04-14.
What Is It
CVE-2026-32201 is an improper input validation flaw (CWE-20) in Microsoft Office SharePoint. According to Microsoft's advisory, the bug allows an unauthorized attacker to perform spoofing over a network. NVD assigns a CVSS 3.1 base score of 6.5 (MEDIUM) with vector AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N, network-reachable, low attack complexity, no privileges or user interaction required, with low impact to confidentiality and integrity and no impact to availability.
Why It Matters
CISA added CVE-2026-32201 to the Known Exploited Vulnerabilities (KEV) catalog on 2026-04-14, confirming the vulnerability is being actively exploited in the wild. Known ransomware campaign use is listed as "Unknown." Because the flaw is network-reachable with no authentication or user interaction required, exposed SharePoint Server instances are directly attackable. Spoofing in a collaboration platform like SharePoint can enable downstream phishing, content tampering, and trust abuse against users who rely on SharePoint as an authoritative source.
What's Vulnerable
Per the NVD CPE configuration, affected products include:
- Microsoft SharePoint Server Subscription Edition prior to build 16.0.19725.20210
- Microsoft SharePoint Server 2016 (Enterprise)
- Microsoft SharePoint Server 2019
Patch Status
Microsoft has published guidance in the MSRC update guide for CVE-2026-32201. CISA's required action is to apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. The federal due date set by CISA is 2026-04-28. The Subscription Edition fix is reflected in build 16.0.19725.20210 or later per the NVD CPE data; administrators of SharePoint Server 2016 Enterprise and 2019 should apply the corresponding Microsoft updates referenced in the MSRC advisory. NVD lists the vulnerability status as "Undergoing Analysis" as of last modification on 2026-04-14.