Microsoft SharePoint Spoofing Vulnerability, CVSS 6.5 Medium
Summary
CISA added CVE-2026-32201 to the Known Exploited Vulnerabilities catalog on April 14, 2026. The vulnerability is an improper input validation flaw in Microsoft Office SharePoint (versions prior to 16.0.5548.1003, 16.0.10417.20114, and 16.0.19725.20210) that allows unauthorized attackers to perform spoofing over a network. SSVC analysis rates exploitation as 'active' and 'automatable' with partial technical impact. A vendor patch is available via Microsoft Update Guide.
What changed
CISA added a new Microsoft SharePoint spoofing vulnerability (CVE-2026-32201) to the federal Known Exploited Vulnerabilities catalog. The vulnerability has a CVSS 3.1 score of 6.5 (Medium) and stems from improper input validation allowing network-based spoofing attacks. Three specific version ranges across Microsoft Office SharePoint are affected.

Organizations running affected SharePoint versions should prioritize patching given the KEV designation. The SSVC 'active' and 'automatable' ratings indicate threat actors are actively exploiting this vulnerability and can do so without specialized expertise. Federal civilian executive branch agencies are subject to BOD 22-01 remediation timelines; all other organizations are strongly encouraged to apply the Microsoft patch immediately.
What to do next
- Review Microsoft SharePoint installations for affected versions
- Apply Microsoft patch from msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32201
- Monitor for indicators of exploitation given active SSVC status
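The version review in the first step has a trap: all three affected ranges in the record start at 16.0.0, so comparing a build against every range flags patched builds on the lower branches. The triage sketch below is an added example, not CISA's or Microsoft's code; the branch boundaries on the third version field (10000 and 14000) and the host inventory are assumptions constructed for illustration and should be confirmed against the vendor advisory.

```python
def parse(version):
    """Parse 'a.b.c.d' into a tuple of ints; raise ValueError otherwise."""
    parts = version.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a four-part build number: {version!r}")
    return tuple(int(p) for p in parts)

# Fixed builds come from the CVE record. The exclusive upper bounds on the
# third field are an ASSUMPTION about how builds map to release branches.
BRANCHES = [
    (10000, parse("16.0.5548.1003")),
    (14000, parse("16.0.10417.20114")),
    (None, parse("16.0.19725.20210")),
]

def triage(version):
    """Compare a build only with the fixed build of its own branch."""
    try:
        build = parse(version)
    except ValueError:
        return "unparseable"
    if build[:2] != (16, 0):
        return "out-of-scope"  # the record only lists 16.0.x ranges
    for upper, fixed in BRANCHES:
        if upper is None or build[2] < upper:
            return "affected" if build < fixed else "patched"

def naive_affected(version):
    """Literal reading of the ranges: below ANY fixed build means affected."""
    build = parse(version)
    return any(build < fixed for _, fixed in BRANCHES)

# Constructed inventory (hostnames and builds are made up for the example).
INVENTORY = {
    "sp-a": "16.0.5548.1003",    # at the fixed build of the lowest branch
    "sp-b": "16.0.5530.1000",
    "sp-c": "16.0.10417.20114",
    "sp-d": "16.0.18526.20172",
    "sp-e": "15.0.5000.1000",
    "sp-f": "16.0.x",
}

def report(inventory=INVENTORY):
    return {host: triage(v) for host, v in inventory.items()}

if __name__ == "__main__":
    for host, status in report().items():
        print(f"{host:6} {INVENTORY[host]:20} {status}")
```

Hosts reported as `unparseable` or `out-of-scope` need a manual check rather than being treated as safe.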
Archived snapshot
Apr 15, 2026. GovPing captured this document from the original source. If the source has since changed or been removed, this is the text as it existed at that time.
Required CVE Record Information
CNA: Microsoft Corporation
Updated: 2026-04-14
Description
Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.
CWE 1 Total
- CWE-20: Improper Input Validation
CVSS 1 Total
| Score | Severity | Version | Vector String |
| --- | --- | --- | --- |
| 6.5 | MEDIUM | 3.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:F/RL:O/RC:C |
Product Status
Versions 1 Total
Default Status: unknown
- affected from 16.0.0 before 16.0.5548.1003
Versions 1 Total
Default Status: unknown
- affected from 16.0.0 before 16.0.10417.20114
Versions 1 Total
Default Status: unknown
- affected from 16.0.0 before 16.0.19725.20210
References 1 Total
- msrc.microsoft.com: Microsoft SharePoint Server Spoofing Vulnerability (vendor-advisory, patch)
Authorized Data Publishers
CISA-ADP
SSVC and KEV, plus CVSS and CWE if not provided by the CNA.
SSVC 1 Total
| Exploitation | Automatable | Technical Impact | Version | Date Accessed |
| --- | --- | --- | --- | --- |
| active | yes | partial | 2.0.3 | 2026-04-15 |
KEV 1 Total
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-32201 (2026-04-14)
About this page
Source document text, dates, docket IDs, and authority are extracted directly from CISA.
The summary, classification, recommended actions, deadlines, and penalty information are AI-generated from the original text and may contain errors. Always verify against the source document.