CVE-2026-32201
Microsoft SharePoint Server Spoofing Vulnerability
Vexday Risk Score
48 Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
CVSS 6.5
EPSS 24.2%
KEV yes
PoC —
Nuclei —
Metasploit —
Patch referenced
Lifecycle
14 Apr 2026 Active exploitation (CISA KEV)
14 Apr 2026 Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
In short
Microsoft SharePoint Server doesn't properly validate user input, allowing attackers to impersonate legitimate users or content over a network. This could trick users into trusting malicious messages or actions that appear to come from trusted sources.
Technical detail
A CWE-20 (improper input validation) flaw in SharePoint Server enables network-based spoofing attacks where an attacker can forge or manipulate input data to misrepresent identity or origin. Exploitation requires network access to the SharePoint instance; the vulnerability allows threat actors to bypass authentication/authorization checks tied to input validation.
Summary generated and translated by AI from the official description.
Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:F/RL:O/RC:C
Affected products
Microsoft · Microsoft SharePoint Enterprise Server 2016
Microsoft · Microsoft SharePoint Server 2019
Microsoft · Microsoft SharePoint Server Subscription Edition