PT-2026-32853 · Microsoft · Sharepoint Server
Published
2026-04-14
·
Updated
2026-07-15
·
CVE-2026-32201
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Microsoft SharePoint Server (affected versions not specified)
Microsoft SharePoint Server Subscription Edition (affected versions not specified)
Microsoft SharePoint Enterprise Server (affected versions not specified)
Description
Improper input validation in Microsoft SharePoint allows an unauthenticated remote attacker to perform spoofing over a network. This issue enables attackers to gain unauthorized access to sensitive information, view protected data, and tamper with or modify disclosed information without requiring a password or user interaction. Spoofing is a technique where an attacker masquerades as a trusted entity to deceive users or systems. Real-world exploitation has been documented, including an incident where hackers accessed the Homeland Security Information Network and a connected SharePoint system. It is estimated that over 1,300 servers remained unpatched and exposed to these active attacks.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
RCE
DoS
LPE
SSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Sharepoint Server