Spoofing Vulnerability in Microsoft Office SharePoint
CVE-2026-32201
Key Information:
- Vendor: Microsoft
- CVE Published: 14 April 2026
What is CVE-2026-32201?
CVE-2026-32201 is a vulnerability found in Microsoft Office SharePoint, a widely-used platform for collaboration and document management within organizations. This specific vulnerability is characterized by improper input validation, which can lead to unauthorized spoofing activities over a network. By exploiting this flaw, attackers can potentially impersonate authenticated users, posing serious risks to organizational data integrity and overall security. Given SharePoint’s role in managing sensitive documents and facilitating internal communications, a successful attack could result in unauthorized access to confidential information, manipulation of documents, or disruptions in service.
Potential impact of CVE-2026-32201
- Unauthorized Access: Attackers can exploit this vulnerability to impersonate legitimate users, gaining access to restricted content and sensitive information, which could lead to data leaks or unauthorized modifications.
- Data Integrity Risks: Spoofing achieved through this vulnerability may allow malicious actors to manipulate information within SharePoint, compromising the accuracy of shared documents and potentially leading to misinformation.
- Service Disruption: The exploitation of this flaw could disrupt SharePoint services, affecting productivity and collaboration within an organization as users may be unable to trust document authenticity or access critical resources.
CISA has reported CVE-2026-32201
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified CVE-2026-32201 as being exploited, but it is not known by CISA to be used in ransomware campaigns. This is subject to change at pace.
The CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
Microsoft SharePoint Enterprise Server 2016 x64-based Systems 16.0.0 < 16.0.5548.1003
Microsoft SharePoint Server 2019 x64-based Systems 16.0.0 < 16.0.10417.20114
Microsoft SharePoint Server Subscription Edition x64-based Systems 16.0.0 < 16.0.19725.20210
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
News Articles
1,370+ Microsoft SharePoint Servers Vulnerable to Spoofing Attacks Exposed Online - IT Security News
A critical spoofing vulnerability in Microsoft SharePoint Server, tracked as CVE-2026-32201, remains unpatched on over 1,370 internet-facing IP addresses worldwide, according to fresh scanning data from the Shadowserver Foundation, even as the flaw sits on CISA’s Known Exploited Vulnerabilities (KEV...
2 weeks ago
Over 1,300 Microsoft SharePoint servers vulnerable to spoofing attacks
Over 1,300 Microsoft SharePoint servers exposed online remain unpatched against a spoofing vulnerability that was exploited as a zero-day and is still being abused in ongoing attacks.
2 weeks ago
Patch Tuesday, April 2026 Edition
Microsoft today pushed software updates to fix a staggering 167 security vulnerabilities in its Windows operating systems and related software, including a SharePoint Server zero-day and a publicly disclosed weakness in Windows Defender dubbed "BlueHammer." Separately, Google Chrome fixed its…
3 weeks ago
EPSS Score
6% chance of being exploited in the next 30 days.
Timeline
- 🟡 Public PoC available
- 🥇 Vulnerability reached the number 1 worldwide trending spot
- 📈 Vulnerability started trending
- 👾 Exploit known to exist
- 🦅 CISA Reported
- 📰 First article discovered by IT Security News
- Vulnerability published
- Vulnerability Reserved