Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.
Published: 2026-04-14
Microsoft patched 163 CVEs in April including two zero-day vulnerabilities in SharePoint and Microsoft Defender. CVE-2026-32201 was exploited in the wild.
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-32201
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32201
https://www.securityweek.com/cisa-urges-immediate-patching-of-exploited-sharepoint-vulnerabilities/
https://thehackernews.com/2026/07/researcher-drops-new-windows-zero-day.html
https://thehackernews.com/2026/05/microsoft-patches-sharepoint-rce-flaw.html
https://www.theregister.com/2026/04/15/excel_exploit/
https://www.infosecurity-magazine.com/news/microsoft-two-zerodays-april-patch/
https://thehackernews.com/2026/04/microsoft-issues-patches-for-sharepoint.html
https://thehackernews.com/2026/04/april-patch-tuesday-fixes-critical.html
https://www.theregister.com/2026/04/14/microsofts_massive_patch_tuesday/
Published: 2026-04-14
Updated: 2026-05-28
Named Vulnerability: BlueHammerKnown Exploited Vulnerability (KEV)
Base Score: 6.4
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N
Severity: Medium
Base Score: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Severity: Medium
EPSS: 0.24172
Tenable Research has classified this CVE under the following Vulnerability Watch classification, which includes active and historical (inactive) classifications. You can learn more about these classifications on our blog.
Vulnerability of Interest