PT-2026-32853 · Microsoft · Sharepoint Server

Published

2026-04-14

·

Updated

2026-07-04

·

CVE-2026-32201

CVSS v3.1

6.5

Medium

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions Microsoft SharePoint Server (affected versions not specified) Microsoft SharePoint Server Subscription Edition (affected versions not specified) Microsoft SharePoint Enterprise Server (affected versions not specified)
Description Improper input validation in Microsoft Office SharePoint allows an unauthenticated remote attacker to perform spoofing over a network. This issue enables attackers to gain unauthorized access to sensitive information, view protected data, and tamper with or modify disclosed information without requiring a password or user interaction. Such manipulation can be used to facilitate phishing, data manipulation, and social engineering at scale. Real-world exploitation has been observed, with over 1,300 servers remaining unpatched and exposed to these attacks.
Recommendations Apply the security updates released on April 14 for Microsoft SharePoint Server, Microsoft SharePoint Server Subscription Edition, and Microsoft SharePoint Enterprise Server.

Fix

DoS

RCE

LPE

SSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

BDU:2026-05272
CVE-2026-32201

Affected Products

Sharepoint Server