CVE-2026-32201

Name of the Vulnerable Software and Affected Versions Microsoft SharePoint Server (affected versions not specified) Microsoft SharePoint Server Subscription Edition (affected versions not specified) Microsoft SharePoint Enterprise Server (affected versions not specified)

Description Improper input validation in Microsoft Office SharePoint allows an unauthorized remote attacker to perform spoofing over a network. Spoofing is an attack where a threat actor forges data, addresses, identifiers, or trusted sources to impersonate a legitimate user, service, or system. Successful exploitation enables an attacker to view sensitive information and make unauthorized changes to disclosed data without requiring a password or user interaction. This issue has been actively exploited in the wild, with over 1,300 servers remaining unpatched, potentially exposing workplace files, personal records, and HR data.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.