Apr 2026: Microsoft SharePoint Server Spoofing Vulnerability
CVE-2026-32201 Published on April 14, 2026
Microsoft SharePoint Server Spoofing Vulnerability
Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.
Known Exploited Vulnerability
This Microsoft SharePoint Server Improper Input Validation Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. Microsoft SharePoint Server contains an improper input validation vulnerability that allows an unauthorized attacker to perform spoofing over a network.
The following remediation steps are recommended / required by April 28, 2026: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Weakness Type
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Products Associated with CVE-2026-32201
Want to know whenever a new CVE is published for Microsoft products? stack.watch will email you.
Affected Versions
Microsoft SharePoint Enterprise Server 2016:- Version 16.0.0 and below 16.0.5548.1003 is affected.
- Version 16.0.0 and below 16.0.10417.20114 is affected.
- Version 16.0.0 and below 16.0.19725.20210 is affected.