CVE-2026-32201

medium

Description

Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.

From the Tenable Blog

April 2026 Microsoft Patch Tuesday | Tenable®
April 2026 Microsoft Patch Tuesday | Tenable®

Published: 2026-04-14

Microsoft patched 163 CVEs in April including two zero-day vulnerabilities in SharePoint and Microsoft Defender. CVE-2026-32201 was exploited in the wild.

References

https://www.theregister.com/security/2026/07/15/cisa-sounds-alarm-over-trio-of-exploited-sharepoint-flaws/5271814

https://www.securityweek.com/cisa-urges-immediate-patching-of-exploited-sharepoint-vulnerabilities/

https://www.bleepingcomputer.com/news/security/cisa-warns-admins-to-patch-actively-exploited-sharepoint-flaws/

https://thehackernews.com/2026/07/researcher-drops-new-windows-zero-day.html

https://www.cisa.gov/news-events/alerts/2026/07/14/cisa-urges-sharepoint-hardening-after-new-exploitations

https://securityaffairs.com/194654/security/u-s-cisa-adds-a-microsoft-sharepoint-server-flaw-to-its-known-exploited-vulnerabilities-catalog.html

https://securityaffairs.com/192730/security/microsoft-sharepoint-has-a-new-rce-flaw-if-you-havent-patched-yet-go-do-that.html

https://thehackernews.com/2026/05/microsoft-patches-sharepoint-rce-flaw.html

https://www.bleepingcomputer.com/news/security/over-1-300-microsoft-sharepoint-servers-vulnerable-to-ongoing-attacks/

https://www.theregister.com/2026/04/15/excel_exploit/

https://www.malwarebytes.com/blog/news/2026/04/april-patch-tuesday-fixes-two-zero-days-including-one-under-active-attack

https://www.infosecurity-magazine.com/news/microsoft-two-zerodays-april-patch/

https://thehackernews.com/2026/04/microsoft-issues-patches-for-sharepoint.html

https://thehackernews.com/2026/04/april-patch-tuesday-fixes-critical.html

https://securityaffairs.com/190852/hacking/u-s-cisa-adds-microsoft-sharepoint-server-and-microsoft-office-excel-flaws-to-its-known-exploited-vulnerabilities-catalog.html

https://securityaffairs.com/190831/security/microsoft-patch-tuesday-for-april-2026-fixed-actively-exploited-sharepoint-zero-day.html

https://www.theregister.com/2026/04/14/microsofts_massive_patch_tuesday/

https://www.securityweek.com/microsoft-patches-exploited-sharepoint-zero-day-and-160-other-vulnerabilities/

https://www.cisa.gov/news-events/alerts/2026/04/14/cisa-adds-two-known-exploited-vulnerabilities-catalog

https://cyberscoop.com/microsoft-patch-tuesday-april-2026/

Details

Source: Mitre, NVD

Published: 2026-04-14

Updated: 2026-05-28

Named Vulnerability: BlueHammerKnown Exploited Vulnerability (KEV)

Risk Information

CVSS v2

Base Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.24172

Vulnerability Watch

Tenable Research has classified this CVE under the following Vulnerability Watch classification, which includes active and historical (inactive) classifications. You can learn more about these classifications on our blog.

Vulnerability of Interest