PT-2026-32853 · Microsoft · Sharepoint Server

Published

2026-04-14

·

Updated

2026-07-15

·

CVE-2026-32201

CVSS v3.1

6.5

Medium

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions Microsoft SharePoint Server (affected versions not specified) Microsoft SharePoint Server Subscription Edition (affected versions not specified) Microsoft SharePoint Enterprise Server (affected versions not specified)
Description Improper input validation in Microsoft SharePoint allows an unauthenticated remote attacker to perform spoofing over a network. This issue enables attackers to gain unauthorized access to sensitive information, view protected data, and tamper with or modify disclosed information without requiring a password or user interaction. Spoofing is a technique where an attacker masquerades as a trusted entity to deceive users or systems. Real-world exploitation has been documented, including an incident where hackers accessed the Homeland Security Information Network and a connected SharePoint system. It is estimated that over 1,300 servers remained unpatched and exposed to these active attacks.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

LPE

RCE

DoS

SSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

BDU:2026-05272
CVE-2026-32201

Affected Products

Sharepoint Server