SharePoint Server spoofing via improper input validation
Network-reachable spoofing flaw in on-premises Microsoft SharePoint Server (Enterprise 2016, Server 2019, Subscription Edition). Patched by Microsoft in April 2026; on CISA KEV since 2026-04-14.
- Vendor
- Microsoft
- Product
- Microsoft SharePoint Server (Enterprise 2016, Server 2019, Subscription Edition)
- CVSS
- 6.5
- EPSS (exploit probability)
- N/A
- Status
- kev
- Published
CVE-2026-32201 is an improper-input-validation vulnerability in on-premises Microsoft SharePoint Server that enables network-based spoofing without user interaction. Per Microsoft’s advisory and the NVD record, the fix is present in the April 2026 SharePoint security update for Enterprise Server 2016 (16.0.5548.1003), Server 2019 (16.0.10417.20114), and Subscription Edition (16.0.19725.20210). NVD scores it 6.5 (medium) with CVSS vector AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N.
CISA added the CVE to the Known Exploited Vulnerabilities catalog on 2026-04-14, and re-flagged it on 2026-07-15 alongside CVE-2026-45659 and CVE-2026-56164 as one of three actively exploited on-premises SharePoint bugs — the BOD 26-04 federal deadline is 2026-07-17. Coverage: CISA: three SharePoint bugs exploited, patch by July 17.
