Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
6.5
Microsoft SharePoint Server allows unauthorized network spoofing
Known exploited
CVE-2026-32201
CVE-2026-32201
Summary
Microsoft SharePoint Server's failure to properly validate user input can allow hackers to pretend to be a trusted source on the network, potentially leading to unauthorized access or data theft. This is a critical issue that requires immediate attention from administrators. To protect your network, ensure that all software and plugins are up-to-date and that users are not using outdated or unauthorized versions of Microsoft SharePoint Server.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions |
|---|---|---|
| microsoft | sharepoint server | All versions |
| microsoft | sharepoint_server |
< 16.0.19725.20210 2016 2019 cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:* |
Original title
Microsoft SharePoint Server Improper Input Validation Vulnerability
Original description
Microsoft SharePoint Server contains an improper input validation vulnerability that allows an unauthorized attacker to perform spoofing over a network.
Vulnerability type
CWE-20
Improper Input Validation
Published: 14 Apr 2026 · Updated: 16 Apr 2026 · First seen: 14 Apr 2026