CISA has added CVE-2026-32201 to its Known Exploited Vulnerabilities catalogue, affecting Microsoft SharePoint Server. The vulnerability is an improper input validation flaw that enables an unauthenticated attacker to spoof responses over a network.
The issue is classified as an input validation weakness that can be exploited remotely without authentication, allowing an attacker to manipulate data exchanged with the SharePoint service. It carries a CVSS v3.1 base score of 6.5, rated MEDIUM by NVD, and a security patch is currently available from Microsoft through the MSRC update guide.
Because CISA only adds vulnerabilities that are being actively exploited, this entry confirms that CVE-2026-32201 is being used in the wild; no ransomware campaign has been linked to the flaw to date. Federal civilian executive branch (FCEB) agencies must remediate the vulnerability by 28 April 2026, in line with the catalogue’s due date.
CISA requires that FCEB agencies apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations cannot be applied. All other organisations should review their SharePoint Server deployments for exposure and implement the available patch or vendor-recommended mitigations as a precaution.
For full technical details, see the NVD entry at https://nvd.nist.gov/vuln/detail/CVE-2026-32201 and the CISA KEV catalogue at https://www.cisa.gov/known-exploited-vulnerabilities-catalog.