Unpatched Microsoft SharePoint servers remain exposed to CVE-2026-32201 spoofing attacks
Summary
Hide ▲
Show ▼
Over 1,300 Microsoft SharePoint servers remain unpatched against CVE-2026-32201, a spoofing vulnerability exploited as a zero-day and still actively abused in attacks. The flaw impacts SharePoint Enterprise Server 2016, SharePoint Server 2019, and SharePoint Server Subscription Edition, enabling threat actors without privileges to perform network spoofing via improper input validation. Exploitation can compromise confidentiality and integrity but does not restrict resource access. The issue was patched in April 2026 Patch Tuesday, added to CISA’s Known Exploited Vulnerabilities Catalog, and mandated for patching by U.S. federal agencies within two weeks. Fewer than 200 systems have been updated since the patch release.
Timeline
-
22.04.2026 09:53 1 articles · 2h ago
CVE-2026-32201 added to KEV Catalog with federal patching deadline amid ongoing exploitation
CISA added CVE-2026-32201 to its Known Exploited Vulnerabilities Catalog on April 15, 2026, following Microsoft’s April 2026 Patch Tuesday advisory. The U.S. cybersecurity agency mandated Federal Civilian Executive Branch agencies to patch affected SharePoint servers by April 28, 2026, per Binding Operational Directive 22-01. Shadowserver reported over 1,300 unpatched servers exposed online, highlighting the continued risk posed by this zero-day spoofing vulnerability despite available fixes.
Show sources
- Over 1,300 Microsoft SharePoint servers vulnerable to spoofing attacks — www.bleepingcomputer.com — 22.04.2026 09:53
Information Snippets
-
CVE-2026-32201 affects SharePoint Enterprise Server 2016, SharePoint Server 2019, and SharePoint Server Subscription Edition.
First reported: 22.04.2026 09:531 source, 1 articleShow sources
- Over 1,300 Microsoft SharePoint servers vulnerable to spoofing attacks — www.bleepingcomputer.com — 22.04.2026 09:53
-
Exploitation of CVE-2026-32201 allows network spoofing without privileges via improper input validation in low-complexity attacks that require no user interaction.
First reported: 22.04.2026 09:531 source, 1 articleShow sources
- Over 1,300 Microsoft SharePoint servers vulnerable to spoofing attacks — www.bleepingcomputer.com — 22.04.2026 09:53
-
Successful exploitation can lead to information disclosure (confidentiality) and unauthorized modifications (integrity), but does not restrict resource availability.
First reported: 22.04.2026 09:531 source, 1 articleShow sources
- Over 1,300 Microsoft SharePoint servers vulnerable to spoofing attacks — www.bleepingcomputer.com — 22.04.2026 09:53
-
CVE-2026-32201 was patched as part of Microsoft’s April 2026 Patch Tuesday.
First reported: 22.04.2026 09:531 source, 1 articleShow sources
- Over 1,300 Microsoft SharePoint servers vulnerable to spoofing attacks — www.bleepingcomputer.com — 22.04.2026 09:53
-
Over 1,300 unpatched SharePoint servers remain exposed online, with fewer than 200 patched since the update release.
First reported: 22.04.2026 09:531 source, 1 articleShow sources
- Over 1,300 Microsoft SharePoint servers vulnerable to spoofing attacks — www.bleepingcomputer.com — 22.04.2026 09:53
-
CISA added CVE-2026-32201 to its Known Exploited Vulnerabilities (KEV) Catalog and mandated federal agency patching within two weeks (by April 28, 2026).
First reported: 22.04.2026 09:531 source, 1 articleShow sources
- Over 1,300 Microsoft SharePoint servers vulnerable to spoofing attacks — www.bleepingcomputer.com — 22.04.2026 09:53