CVE-2026-32201
Published: 14 April 2026
Description
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Security Summary
CVE-2026-32201 is an improper input validation vulnerability (CWE-20) affecting Microsoft Office SharePoint. Published on 2026-04-14, it enables an unauthorized attacker to perform spoofing attacks over a network. The vulnerability carries a CVSS v3.1 base score of 6.5 (Medium), with a network attack vector (AV:N), low attack complexity (AC:L), no required privileges (PR:N), no user interaction (UI:N), unchanged scope (S:U), low confidentiality impact (C:L), low integrity impact (I:L), and no availability impact (A:N).
An unauthorized attacker can exploit this vulnerability remotely over the network without authentication or user interaction. Successful exploitation allows spoofing, potentially leading to limited unauthorized disclosure of information or modification of data, though impacts are confined to low levels for both confidentiality and integrity.
Microsoft's Security Response Center (MSRC) provides an update guide at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32201 detailing patches and mitigation steps. The vulnerability is also referenced in CISA's Known Exploited Vulnerabilities catalog at https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-32201, indicating active exploitation in the wild.
Security practitioners should prioritize patching SharePoint instances per MSRC guidance, given its presence in CISA's KEV catalog signaling real-world exploitation.
Details
- CWE(s)
- KEV Date Added
- 14 April 2026
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
CVE enables remote exploitation of public-facing SharePoint application (AV:N/AC:L/PR:N/UI:N) for spoofing, directly mapping to T1190: Exploit Public-Facing Application.