Medium severity6.5CISA KEVNVD Advisory· Published Apr 14, 2026· Updated May 28, 2026
CVE-2026-32201
CVE-2026-32201
Description
Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*+ 3 more
- cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*
- cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*range: <16.0.19725.20210
- (no CPE)
Patches
Vulnerability mechanics
References
2- msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32201nvdVendor Advisory
- www.cisa.gov/known-exploited-vulnerabilities-catalognvdUS Government ResourceThird Party Advisory
News mentions
6- Microsoft Patches SharePoint RCE Flaw CVE-2026-45659 Across Server VersionsThe Hacker News · May 26, 2026
- Mystery Microsoft bug leaker keeps the zero-days comingThe Register Security · May 13, 2026
- Microsoft Fixes Two Zero-Days in April Patch TuesdayInfosecurity Magazine · Apr 15, 2026
- Patch Tuesday - April 2026Rapid7 Blog · Apr 14, 2026
- Patch Tuesday, April 2026 EditionKrebs on Security · Apr 14, 2026
- Microsoft Patch Tuesday for April 2026 - Snort Rule and Prominent VulnerabilitiesCisco Talos Intelligence · Apr 14, 2026