ACCORDING to Cybersecurity & Infrastructure Security Agency, the Known Exploited Vulnerabilities (KEV) catalog lists Microsoft SharePoint Server under CVE-2026-32201, described as an Improper Input Validation vulnerability that could allow an unauthorised attacker to spoof over a network. The entry notes a related CWE of CWE-20 and states that it is Unknown whether it has been used in ransomware campaigns.
The recommended actions are to apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. The vulnerability was added to the KEV catalog on 14 April 2026, with a due date of 28 April 2026. Additional references include the Microsoft Security Response Centre vulnerability page and the NVD entry for CVE-2026-32201.
This KEV record is part of CISA’s effort to provide an authoritative source of vulnerabilities exploited in the wild to help organisations prioritise remediation.