Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.
| Vendor | Product | Versions |
|---|---|---|
| microsoft | sharepoint_server | 16.0.0, 16.0.0, 16.0.0 |
Downstream vendors/products affected by this vulnerability
| Vendor | Product | Source | Confidence |
|---|---|---|---|
| microsoft | sharepoint | cert_advisory | 90% |
| microsoft | powerpoint | cert_advisory | 90% |
| microsoft | microsoft office online | cert_advisory | 90% |
| microsoft | office | cert_advisory | 90% |
| microsoft | excel | cert_advisory | 90% |
Updated description with technical details, added affected versions including 2016, 2019, and Subscription Edition, changed severity to HIGH, and included CVE-2026-32201 in tags.
Updated affected versions and noted that the patch available field is now null.
Updated description with more technical detail about the impact of the vulnerability.
Updated description with more technical detail, added new CWE, and included additional tags related to server spoofing.
Updated severity to HIGH and added details about attackers being able to view and modify isolated data.
Updated affected versions to include 16.0.5548.1003 and noted that the patch is now null.
Updated description with additional details on potential exploitation and set patchAvailable to null.
Updated severity to HIGH, CVSS score to 9.8, and added new tags related to zero-day and active exploitation.
Updated description with details on how CVE-2026-32201 can be exploited and confirmed that it is actively exploited.
Updated product to include Microsoft SharePoint Server 2019/LTSC 2021/LTSC 2024, changed severity to CRITICAL, and noted no available exploit.
Updated description with additional details, changed severity to HIGH, added new CWE, and noted that patch information is unclear.
Added a detailed description of the vulnerability and marked it as actively exploited with an exploit available.
Initial creation
