CVE-2026-32201

Analyzed
Published: 14 Apr 2026, 16:58
Last modified:16 Apr 2026, 14:19

Vulnerability Summary

Overall Risk (default)
medium
26/100
CVSS Score
6.5 MEDIUM
v3.1 (cve.org)
EPSS Score
0.81% LOW
1% probability -0.38%
KEV
Listed
CISA
1 listing
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

14 Apr 2026, 16:58
Published
Vulnerability first disclosed
14 Apr 2026, 00:00
Added to CISA KEV
Microsoft SharePoint Server Improper Input Validation Vulnerability
16 Apr 2026, 14:19
Last Modified
Vulnerability information updated
28 Apr 2026, 00:00
CISA Remediation Due
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Description

Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.

CVSS Metrics

  • v3.1MEDIUMScore: 6.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:F/RL:O/RC:C
  • v3.1MEDIUMScore: 6.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

EPSS Trends

Current EPSS score: 0.81% Percentile: 74%

Techniques & Countermeasures

  • CWE-20Improper Input Validation

    The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Affected Systems

  • microsoftmicrosoft sharepoint enterprise server 2016

    ≥ 16.0.0, < 16.0.5548.1003

  • microsoftmicrosoft sharepoint server 2019

    ≥ 16.0.0, < 16.0.10417.20114

  • microsoftmicrosoft sharepoint server subscription edition

    ≥ 16.0.0, < 16.0.19725.20210

  • UnknownSharePoint Server

    < 16.0.19725.20210 | 2016 | 2019

References (2)