Cyber Resilience

CVE-2026-32201

MediumCISA KEVActive ExploitationEUVD Exploited

Published: 14 April 2026

Published
14 April 2026
Modified
28 May 2026
KEV Added
14 April 2026
Patch
CVSS Score v3.1 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
EPSS Score 0.2417 97.6th percentile
Risk Priority 100 floored blend · peak EPSS

Summary

CVE-2026-32201 is a medium-severity Improper Input Validation (CWE-20) vulnerability in Microsoft Sharepoint Server. Its CVSS base score is 6.5 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 2.4% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-32201 is an improper input validation vulnerability (CWE-20) affecting Microsoft Office SharePoint. Published on 2026-04-14, it enables an unauthorized attacker to perform spoofing attacks over a network. The vulnerability carries a CVSS v3.1 base score of 6.5 (Medium), with a network attack vector (AV:N), low attack complexity (AC:L), no required privileges (PR:N), no user interaction (UI:N), unchanged scope (S:U), low confidentiality impact (C:L), low integrity impact (I:L), and no availability impact (A:N).

An unauthorized attacker can exploit this vulnerability remotely over the network without authentication or user interaction. Successful exploitation allows spoofing, potentially leading to limited unauthorized disclosure of information or modification of data, though impacts are confined to low levels for both confidentiality and integrity.

Microsoft's Security Response Center (MSRC) provides an update guide at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32201 detailing patches and mitigation steps. The vulnerability is also referenced in CISA's Known Exploited Vulnerabilities catalog at https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-32201, indicating active exploitation in the wild.

Security practitioners should prioritize patching SharePoint instances per MSRC guidance, given its presence in CISA's KEV catalog signaling real-world exploitation.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.

CWE(s)
KEV Date Added
14 April 2026

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

CVE enables remote exploitation of public-facing SharePoint application (AV:N/AC:L/PR:N/UI:N) for spoofing, directly mapping to T1190: Exploit Public-Facing Application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-53770Same product: Microsoft Sharepoint Serverboth on KEV
CVE-2025-49704Same product: Microsoft Sharepoint Serverboth on KEV
CVE-2026-26106Same product: Microsoft Sharepoint Server
CVE-2025-21344Same product: Microsoft Sharepoint Server
CVE-2026-20963Same product: Microsoft Sharepoint Serverboth on KEV
CVE-2025-59228Same product: Microsoft Sharepoint Server
CVE-2025-59237Same product: Microsoft Sharepoint Server
CVE-2025-49712Same product: Microsoft Sharepoint Server
CVE-2026-26114Same product: Microsoft Sharepoint Server
CVE-2026-20947Same product: Microsoft Sharepoint Server

Affected Assets

microsoft
sharepoint server
2016, 2019 · ≤ 16.0.19725.20210

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Requires timely identification, reporting, and correction of flaws like the improper input validation in SharePoint, enabling application of the vendor patch for CVE-2026-32201.

prevent

Directly mandates organization-defined input validation at entry points to block spoofing exploits stemming from improper input handling in SharePoint.

detect

Facilitates detection of the unpatched CVE-2026-32201 vulnerability in SharePoint through vulnerability scanning, prompting remediation.

References