CVE-2026-32201KEVEXPLOITEDPATCHED

Microsoft · Microsoft SharePoint Enterprise Server 2016

Microsoft SharePoint Server Spoofing Vulnerability

Description

Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.

Affected Products

Vendor	Product	Versions
Microsoft	Microsoft SharePoint Enterprise Server 2016	16.0.0, 16.0.0, 16.0.0, 2019, LTSC 2021, LTSC 2024

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor	Product	Source	Confidence
microsoft	microsoft sharepoint server subscription edition	mitre_affected	90%
microsoft	microsoft sharepoint	mitre_affected	90%

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32201(vendor-advisory, patch)

Related News (5 articles)

Tier C

Cisco Talos1h ago

Microsoft Patch Tuesday for April 2026 - Snort Rule and Prominent Vulnerabilities

→ No new info (linked only)

Tier B

CCCS Canada2h ago

Microsoft security advisory – April 2026 monthly rollup (AV26-352)

→ No new info (linked only)

Tier C

VulDB2h ago

CVE-2026-32201 | Microsoft SharePoint Server 2019/LTSC 2021/LTSC 2024 input validation

→ No new info (linked only)

Tier D

SecurityWeek3h ago

Microsoft Patches Exploited SharePoint Zero-Day and 160 Other Vulnerabilities

→ No new info (linked only)

Tier A

Microsoft MSRC7h ago

CVE-2026-32201 Microsoft SharePoint Server Spoofing Vulnerability

→ No new info (linked only)

CVSS 3.16.5 CRITICAL

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:F/RL:O/RC:C

CISA KEV✅ Yes

Actively exploited✅ Yes

Patch available

16.0.5548.100316.0.10417.2011416.0.19725.20210

CWECWE-20, CWE-200

PublishedApr 14, 2026

Last enriched2h agov4

Trending Score147🔥

Source articles5

Independent5

Info Completeness11/14

Missing: epss, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

HIGHCVE-2026-26171EXP

.NET Denial of Service Vulnerability

Trending: 71

HIGHCVE-2026-32071EXP

Windows Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability

Trending: 67

HIGHCVE-2026-32093EXP

Windows Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability

Trending: 67

HIGHCVE-2026-32075EXP

Windows UPnP Device Host Elevation of Privilege Vulnerability

Trending: 67

HIGHCVE-2026-26154EXP

Windows Server Update Service (WSUS) Tampering Vulnerability

Trending: 67

Pin to Dashboard

Verification

State: verified

Confidence: 0%

Vulnerability Timeline

CVE Published

Apr 14, 2026

Added to CISA KEV

Apr 14, 2026

Discovered by ZDM

Apr 14, 2026

Updated: description, exploitAvailable, activelyExploited

Apr 14, 2026

Actively Exploited

Apr 14, 2026

Exploit Available

Apr 14, 2026

Patch Available

Apr 14, 2026

Updated: cweIds

Apr 14, 2026

Updated: affectedVersions, severity

Apr 14, 2026

Version History

Last enriched 2h ago

v4Tier C2h ago

Updated product to include Microsoft SharePoint Server 2019/LTSC 2021/LTSC 2024, changed severity to CRITICAL, and noted no available exploit.

affectedVersionsseverity

via VulDB

v3Tier D2h ago

Updated description with additional details, changed severity to HIGH, added new CWE, and noted that patch information is unclear.

cweIds

via SecurityWeek

v2Tier A4h ago

Added a detailed description of the vulnerability and marked it as actively exploited with an exploit available.

descriptionexploitAvailableactivelyExploited

via Microsoft MSRC

v14h ago

Initial creation