Changeflow GovPing Data Privacy & Cybersecurity JPCERT Advisory CVE-2026-32201: Active SharePoi...
Priority review Guidance Added Final

JPCERT Advisory CVE-2026-32201: Active SharePoint Spoofing Vulnerability

Favicon for www.jpcert.or.jp Japan JPCERT Advisories
Published
Detected
Email

Summary

JPCERT/CC issued alert JPCERT-AT-2026-0010 on April 15, 2026, notifying that Microsoft SharePoint Server contains a spoofing vulnerability (CVE-2026-32201) currently being exploited in the wild. Attackers can achieve authentication-free network-based impersonation and remote code execution. The advisory directs affected organizations to apply the April 2026 Microsoft security updates via Microsoft Update or Windows Update immediately.

Why this matters

Organizations running any version of Microsoft SharePoint Server should treat CVE-2026-32201 as a critical priority — JPCERT notes Microsoft has confirmed active exploitation, which means the attack vector is in use. IT security teams should verify whether their SharePoint deployments are internet-facing and confirm patch deployment status against the April 2026 Microsoft update catalog before waiting for normal patching cycles.

AI-drafted from the source document, validated against GovPing's analyst note standards . For the primary regulatory language, read the source document .
Published by JPCERT on jpcert.or.jp . Detected, standardized, and enriched by GovPing. Review our methodology and editorial standards .

About this source

GovPing monitors Japan JPCERT Advisories for new data privacy & cybersecurity regulatory changes. Every update since tracking began is archived, classified, and available as free RSS or email alerts — 3 changes logged to date.

View original document View source feed page

What changed

JPCERT/CC published alert JPCERT-AT-2026-0010 on April 15, 2026, disclosing that CVE-2026-32201, a spoofing vulnerability in Microsoft SharePoint Server, is being actively exploited by threat actors. The vulnerability allows unauthenticated remote attackers to perform network-based impersonation and potentially execute arbitrary code. Microsoft has released security updates in its April 2026 monthly security update package to address this and related vulnerabilities. Affected organizations running Microsoft SharePoint Server should apply all applicable April 2026 security patches immediately via Microsoft Update or Windows Update to mitigate the risk of exploitation.

What to do next

  1. Apply Microsoft security updates via Microsoft Update or Windows Update

Archived snapshot

Apr 23, 2026

GovPing captured this document from the original source. If the source has since changed or been removed, this is the text as it existed at that time.

2026年4月マイクロソフトセキュリティ更新プログラムに関する注意喚起

最終更新: 2026-04-15
JPCERT-AT-2026-0010
JPCERT/CC
2026-04-15

I. 概要

マイクロソフトから同社製品の脆弱性を修正する2026年4月のセキュリティ更新プログラムが公開されました。これらの脆弱性が悪用された場合、認証不要でネットワーク経由でのなりすましをされたり、リモートから任意のコードを実行されるなどの可能性があります。

マイクロソフト株式会社
2026 年 4 月のセキュリティ更新プログラム (月例)
https://www.microsoft.com/msrc/blog/2026/04/202604-security-update

マイクロソフトは、これらの脆弱性のうち、次の脆弱性が悪用されていることを公表しています。マイクロソフトが提供する最新の情報をご確認の上、「II. 対策」を実施してください。

CVE-2026-32201
Microsoft SharePoint Server のなりすましの脆弱性
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32201

II. 対策

Microsoft Update、もしくはWindows Updateなどを用いて、セキュリティ更新プログラムを適用してください。

Microsoft Update カタログ
https://www.catalog.update.microsoft.com/

Windows Update:よくあるご質問
https://support.microsoft.com/ja-JP/help/12373/windows-update-faq

III. 参考情報

マイクロソフト株式会社
2026 年 4 月のセキュリティ更新プログラム
https://msrc.microsoft.com/update-guide/ja-jp/releaseNote/2026-Apr

今回の件につきまして提供いただける情報がございましたら、JPCERT/CCまでご連絡ください。

一般社団法人JPCERTコーディネーションセンター(JPCERT/CC)
サイバーセキュリティコーディネーショングループ
Email:ew-info@jpcert.or.jp

このページは役に立ちましたか?

はい いいえ

その他、ご意見・ご感想などございましたら、ご記入ください。

こちらはご意見・ご感想用のフォームです。各社製品については、各社へお問い合わせください。

※本フォームにいただいたコメントへの返信はできません。 返信をご希望の方は「お問合せ」 をご利用ください。

javascriptを有効にすると、ご回答いただけます。 ありがとうございました。 インシデント報告はこちらから

緊急情報を確認する

Related changes

Favicon for www.cert.ssi.gouv.fr Python Vulnerability CVE-2026-3298 Advisory
Priority review Apr 22, 2026 CERT-FR Security Advisories Data Privacy & Cybersecurity
Favicon for www.jpcert.or.jp Microsoft April 2026 Security Updates Fix Critical Vulnerabilities
Priority review Apr 23, 2026 JPCERT EN alerts alt Data Privacy & Cybersecurity
Favicon for www.jpcert.or.jp JPCERT Warns of Critical Vulnerabilities in Adobe Acrobat and Reader Allowing Arbitrary Code Execution
Priority review Apr 23, 2026 JPCERT EN alerts alt Data Privacy & Cybersecurity

Get daily alerts for Japan JPCERT Advisories

Daily digest delivered to your inbox.

Free. Unsubscribe anytime.

Source

Favicon for www.jpcert.or.jp
Japan JPCERT Advisories jpcert.or.jp/at
Data Privacy & Cybersecurity

About this page

What is GovPing?

Every important government, regulator, and court update from around the world. One place. Real-time. Free. Our mission

What's from the agency?

Source document text, dates, docket IDs, and authority are extracted directly from JPCERT.

What's AI-generated?

The summary, classification, recommended actions, deadlines, and penalty information are AI-generated from the original text and may contain errors. Always verify against the source document.

Last updated

Press inquiries →

Classification

Agency
JPCERT
Published
April 15th, 2026
Instrument
Guidance
Branch
Executive
Source language
ja
Legal weight
Non-binding
Stage
Final
Change scope
Substantive
Document ID
JPCERT-AT-2026-0010

Who this affects

Applies to
Technology companies Government agencies
Industry sector
5112 Software & Technology
Activity scope
Vulnerability disclosure Patch management Remote code execution risk mitigation
Geographic scope
Japan JP

Taxonomy

Primary area
Cybersecurity
Operational domain
IT Security
Compliance frameworks
NIST CSF
Topics
Data Privacy Consumer Finance

Browse Categories

Agriculture & Food Safety 79 AI Regulation 3 Banking & Finance 484 Consumer Protection 120 Courts & Legal 448 Data Privacy & Cybersecurity 137 Defense & National Security 53 Education 64 Energy 109 Environment 169 Gaming 2 Government & Legislation 466 Healthcare 15 Healthcare & Life Sciences 419 Immigration 10 Insurance 90 Labor & Employment 178 Pharma & Drug Safety 21 Professional Licensing 8 Real Estate & Housing 85 Securities & Markets 177 Tax 101 Telecom & Technology 49 Trade & Sanctions 157 Transportation 112

Get alerts for this source

We'll email you when Japan JPCERT Advisories publishes new changes.

Free. Unsubscribe anytime.

You're subscribed!