PT-2026-32853 · Microsoft · Sharepoint Server

Published 2026-04-14 · Updated 2026-05-09 · CVE-2026-32201

CVSS v3.1: 6.5 Medium

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Microsoft SharePoint Server (affected versions not specified)
Microsoft SharePoint Server Subscription Edition (affected versions not specified)
Microsoft SharePoint Enterprise Server (affected versions not specified)

Description

Improper input validation in Microsoft SharePoint allows an unauthenticated remote attacker to perform spoofing over a network. This issue enables attackers to read and tamper with sensitive information, such as internal documents, records, and personal HR data, without requiring a password or user interaction. Exploitation can allow attackers to manipulate what users see, facilitating phishing, data manipulation, and social engineering at scale. Over 1,300 servers have been identified as remaining unpatched while the flaw is being actively exploited in real-world incidents.

Recommendations

Apply the security updates released on April 14.

Fix

LPE

RCE

SSRF

Weakness Enumeration

Related Identifiers

BDU:2026-05272
CVE-2026-32201

Affected Products

Sharepoint Server