PT-2026-32853 · Microsoft · Sharepoint Server
Published
2026-04-14
·
Updated
2026-07-04
·
CVE-2026-32201
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Microsoft SharePoint Server (affected versions not specified)
Microsoft SharePoint Server Subscription Edition (affected versions not specified)
Microsoft SharePoint Enterprise Server (affected versions not specified)
Description
Improper input validation in Microsoft Office SharePoint allows an unauthenticated remote attacker to perform spoofing over a network. This issue enables attackers to gain unauthorized access to sensitive information, view protected data, and tamper with or modify disclosed information without requiring a password or user interaction. Such manipulation can be used to facilitate phishing, data manipulation, and social engineering at scale. Real-world exploitation has been observed, with over 1,300 servers remaining unpatched and exposed to these attacks.
Recommendations
Apply the security updates released on April 14 for Microsoft SharePoint Server, Microsoft SharePoint Server Subscription Edition, and Microsoft SharePoint Enterprise Server.
Fix
DoS
RCE
LPE
SSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Sharepoint Server