MICROSOFT has issued Patch Tuesday updates fixing 165 vulnerabilities, including a SharePoint zero-day that has been exploited in the wild. The exploited SharePoint Server vulnerability is tracked as CVE-2026-32201 and is described as a spoofing issue with a CVSS score of 6.5, according to Microsoft. Improper input validation in Microsoft Office SharePoint could allow an unauthorized attacker to perform spoofing over a network and access or alter sensitive information.
It remains unclear who is behind the zero-day attacks exploiting CVE-2026-32201, and Microsoft has not disclosed who reported the hole. The vulnerability is also being seen in conjunction with other weaknesses, and CVE-2026-33825 is noted as a Defender privilege-escalation flaw that was publicly disclosed before patches were released. CISA’s Known Exploited Vulnerabilities catalog currently includes 10 SharePoint flaws, and federal agencies have been instructed to patch CVE-2026-32201 by 28 April.