CVE-2026-32201
Published: 14 April 2026
Summary
CVE-2026-32201 is a medium-severity Improper Input Validation (CWE-20) vulnerability in Microsoft Sharepoint Server. Its CVSS base score is 6.5 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 7.4% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Requires timely identification, reporting, and correction of flaws like the improper input validation in SharePoint, enabling application of the vendor patch for CVE-2026-32201.
Directly mandates organization-defined input validation at entry points to block spoofing exploits stemming from improper input handling in SharePoint.
Facilitates detection of the unpatched CVE-2026-32201 vulnerability in SharePoint through vulnerability scanning, prompting remediation.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
CVE enables remote exploitation of public-facing SharePoint application (AV:N/AC:L/PR:N/UI:N) for spoofing, directly mapping to T1190: Exploit Public-Facing Application.
NVD Description
Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.
Deeper analysisAI
CVE-2026-32201 is an improper input validation vulnerability (CWE-20) affecting Microsoft Office SharePoint. Published on 2026-04-14, it enables an unauthorized attacker to perform spoofing attacks over a network. The vulnerability carries a CVSS v3.1 base score of 6.5 (Medium), with a network attack vector (AV:N), low attack complexity (AC:L), no required privileges (PR:N), no user interaction (UI:N), unchanged scope (S:U), low confidentiality impact (C:L), low integrity impact (I:L), and no availability impact (A:N).
An unauthorized attacker can exploit this vulnerability remotely over the network without authentication or user interaction. Successful exploitation allows spoofing, potentially leading to limited unauthorized disclosure of information or modification of data, though impacts are confined to low levels for both confidentiality and integrity.
Microsoft's Security Response Center (MSRC) provides an update guide at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32201 detailing patches and mitigation steps. The vulnerability is also referenced in CISA's Known Exploited Vulnerabilities catalog at https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-32201, indicating active exploitation in the wild.
Security practitioners should prioritize patching SharePoint instances per MSRC guidance, given its presence in CISA's KEV catalog signaling real-world exploitation.
Details
- CWE(s)
- KEV Date Added
- 14 April 2026