Vulnerability intelligence
CVE-2026-32201
Microsoft SharePoint Server Improper Input Validation Vulnerability
Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.
CVSS Score
6.5
Medium
EPSS — Exploit Probability
24%
Riskier than 98% of all CVEs
Exploitation
Confirmed in the wild
Used in ransomware campaigns
Remediation
Patch available
Federal deadline 2026-04-28
CISA required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Deadline for federal agencies: 2026-04-28.
13 articles across 11 outlets · first covered Apr 14, 2026 · latest Apr 15, 2026
Tracked incidents
Coverage timeline
-
CISA adds old Excel RCE and SharePoint flaw to KEV listsecurityaffairs.com · Apr 15, 2026
-
Exploiters target SAP SQLi and Adobe zero day flaws in Aprilthehackernews.com · Apr 15, 2026
-
April Patch Tuesday patches two Microsoft zero day flawswww.malwarebytes.com · Apr 15, 2026
-
Microsoft Fixes Two Zero-Days in April Patch Tuesdaywww.infosecurity-magazine.com · Apr 15, 2026
-
Microsoft patches 169 flaws, fixes exploited SharePoint bugthehackernews.com · Apr 15, 2026
-
Microsoft fixes SharePoint zero day CVE-2026-32201 in Aprilsecurityaffairs.com · Apr 15, 2026
-
CISA Warns of Active Exploit in SharePoint Flaw CVE‑2026-32201www.cisa.gov · Apr 14, 2026
-
Microsoft patches 167 flaws, including exploited SharePoint bugwww.rapid7.com · Apr 14, 2026
-
Microsoft fixes 167 flaws, patches SharePoint zero day exploitkrebsonsecurity.com · Apr 14, 2026
-
Privilege Elevation Dominates Massive Microsoft Patch Updatewww.darkreading.com · Apr 14, 2026
-
CISA Warns of Active Exploit in SharePoint Flaw CVE‑2026-32201cisa.gov · Apr 14, 2026
-
Adobe and Microsoft Patch Tuesday sees record fixes amid exploitswww.thezdi.com · Apr 14, 2026
-
Microsoft patches SharePoint zero day CVE-2026-32201 in the wildwww.securityweek.com · Apr 14, 2026