Zero Day MonitorZDM
DashboardVulnerabilitiesTrendingZero-DaysNewsAbout
Login
ImpressumPrivacy Policy
Zero Day Monitor © 2026
3838 articles · 175945 vulns · 37/41 feeds (7d)
← Back to list
6.5
CVE-2026-32201KEVEXPLOITEDPATCHED
microsoft · sharepoint_server

Microsoft SharePoint Server Spoofing Vulnerability

Description

Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.

Affected Products

VendorProductVersions
microsoftsharepoint_server16.0.0, 16.0.0, 16.0.0

Also Affects

Downstream vendors/products affected by this vulnerability

VendorProductSourceConfidence
microsoftsharepointcert_advisory90%
microsoftpowerpointcert_advisory90%
microsoftmicrosoft office onlinecert_advisory90%
microsoftofficecert_advisory90%
microsoftexcelcert_advisory90%

References

  • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32201(vendor-advisory, patch)

Related News (17 articles)

Tier B
JPCERT/CC
Security Alert: Microsoft Releases April 2026 Security Updates
→ No new info (linked only)
Tier D
BleepingComputer83d ago
Over 1,300 Microsoft SharePoint servers vulnerable to spoofing attacks
→ No new info (linked only)
Tier D
The Hacker News85d ago
⚡ Weekly Recap: Vercel Hack, Push Fraud, QEMU Abused, New Android RATs Emerge & More
→ No new info (linked only)
Tier B
CERT-FR85d ago
Bulletin d'actualité CERTFR-2026-ACT-018 (20 avril 2026)
→ No new info (linked only)
Tier D
Infosecurity Magazine90d ago
Microsoft Fixes Two Zero-Days in April Patch Tuesday
→ No new info (linked only)
Tier B
BSI Advisories90d ago
[NEU] [mittel] Microsoft Office: Mehrere Schwachstellen
→ No new info (linked only)
Tier D
Heise Security90d ago
Patchday: Angreifer attackieren Edge und Microsoft SharePoint Server
→ No new info (linked only)
Tier D
Heise Security90d ago
Warnung vor Attacken auf 17 Jahre alte Excel-Lücke
→ No new info (linked only)
Tier D
CSO Online90d ago
April Patch Tuesday roundup: Zero day vulnerabilities and critical bugs
→ No new info (linked only)
Tier B
CERT-FR90d ago
Multiples vulnérabilités dans les produits Microsoft (15 avril 2026)
→ No new info (linked only)
Tier C
Krebs on Security91d ago
Patch Tuesday, April 2026 Edition
→ No new info (linked only)
Tier C
Cisco Talos91d ago
Microsoft Patch Tuesday for April 2026 - Snort Rule and Prominent Vulnerabilities
→ No new info (linked only)
Tier B
CCCS Canada91d ago
Microsoft security advisory – April 2026 monthly rollup (AV26-352)
→ No new info (linked only)
Tier C
VulDB91d ago
CVE-2026-32201 | Microsoft SharePoint Server 2019/LTSC 2021/LTSC 2024 input validation
→ No new info (linked only)
Tier D
SecurityWeek91d ago
Microsoft Patches Exploited SharePoint Zero-Day and 160 Other Vulnerabilities
→ No new info (linked only)
Tier A
Microsoft MSRC91d ago
CVE-2026-32201 Microsoft SharePoint Server Spoofing Vulnerability
→ No new info (linked only)
Tier C
CrowdStrike Blog91d ago
April 2026 Patch Tuesday: Two Zero-Days and Eight Critical Vulnerabilities Among 164 CVEs
→ No new info (linked only)
CVSS 3.16.5 MEDIUM
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:F/RL:O/RC:C
CISA KEV✅ Yes
Actively exploited✅ Yes
Patch available
16.0.5548.100316.0.10417.2011416.0.19725.20210
CWECWE-20
PublishedApr 14, 2026
Last enriched83d agov13
Tags
zero-dayactive exploitationserver spoofingCVE-2026-32201
Trending Score0
Source articles17
Independent15
Info Completeness11/14
Missing: epss, iocs, mitre_attack

Community Vote

0
Login to vote
0 upvotes0 downvotes
No votes yet

Related CVEs (5)

HIGHCVE-2026-56155EXPKEV
Active Directory Federation Services Elevation of Privilege Vulnerability
Trending: 139
MEDIUMCVE-2026-56164EXPKEV
Microsoft SharePoint Server Elevation of Privilege Vulnerability
Trending: 136
HIGHCVE-2026-41091EXPKEV
Microsoft Defender Elevation of Privilege Vulnerability
Trending: 72
CRITICALCVE-2026-55040EXP
Weak authentication in Microsoft Office SharePoint allows an unauthorized attacker to bypass a security feature over a network.
Trending: 70
HIGHCVE-2026-50424EXP
Windows Domain Controller Denial of Service Vulnerability
Trending: 69

Pin to Dashboard

Verification

State: verified
Confidence: 0%

Vulnerability Timeline

CVE Published
Apr 14, 2026
Added to CISA KEV
Apr 14, 2026
Discovered by ZDM
Apr 14, 2026
Updated: description, exploitAvailable, activelyExploited
Apr 14, 2026
Updated: cweIds
Apr 14, 2026
Updated: affectedVersions, severity
Apr 14, 2026
Updated: description
Apr 14, 2026
Updated: tags
Apr 15, 2026
Updated: description
Apr 15, 2026
Updated: affectedVersions
Apr 15, 2026
Updated: description, severity
Apr 15, 2026
Updated: description, cweIds, tags
Apr 15, 2026
Updated: description
Apr 15, 2026
Updated: affectedVersions
Apr 15, 2026
Updated: affectedVersions, tags
Apr 22, 2026
Actively Exploited
Jun 19, 2026
Exploit Available
Jun 19, 2026
Patch Available
Jun 19, 2026

Version History

v13
Last enriched 83d ago
v13Tier D83d ago

Updated description with technical details, added affected versions including 2016, 2019, and Subscription Edition, changed severity to HIGH, and included CVE-2026-32201 in tags.

affectedVersionstags
via BleepingComputer
v12Tier B90d ago

Updated affected versions and noted that the patch available field is now null.

affectedVersions
via CERT-FR
v11Tier D90d ago

Updated description with more technical detail about the impact of the vulnerability.

description
via Infosecurity Magazine
v10Tier D90d ago

Updated description with more technical detail, added new CWE, and included additional tags related to server spoofing.

descriptioncweIdstags
via Infosecurity Magazine
v9Tier D90d ago

Updated severity to HIGH and added details about attackers being able to view and modify isolated data.

descriptionseverity
via Heise Security
v8Tier D90d ago

Updated affected versions to include 16.0.5548.1003 and noted that the patch is now null.

affectedVersions
via Heise Security
v7Tier B90d ago

Updated description with additional details on potential exploitation and set patchAvailable to null.

description
via JPCERT/CC
v6Tier D90d ago

Updated severity to HIGH, CVSS score to 9.8, and added new tags related to zero-day and active exploitation.

tags
via CSO Online
v5Tier C91d ago

Updated description with details on how CVE-2026-32201 can be exploited and confirmed that it is actively exploited.

description
via Krebs on Security
v4Tier C91d ago

Updated product to include Microsoft SharePoint Server 2019/LTSC 2021/LTSC 2024, changed severity to CRITICAL, and noted no available exploit.

affectedVersionsseverity
via VulDB
v3Tier D91d ago

Updated description with additional details, changed severity to HIGH, added new CWE, and noted that patch information is unclear.

cweIds
via SecurityWeek
v2Tier A91d ago

Added a detailed description of the vulnerability and marked it as actively exploited with an exploit available.

descriptionexploitAvailableactivelyExploited
via Microsoft MSRC
v191d ago

Initial creation