Skip to main content

Microsoft CVE-2026-32201

| EUVD-2026-22587 MEDIUM
Improper Input Validation (CWE-20)
2026-04-14 microsoft
Authentication Bypass Microsoft
6.5
CVSS 3.1 · NVD
Temporal: 6.0
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
ENISA EUVD
HIGH
qualitative
CIRCL (temporal)
6.0 MEDIUM
cvss

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

9
Started Trending
Apr 14, 2026 - 20:09 vuln.today
12.0
Analysis Generated
Apr 14, 2026 - 19:43 vuln.today
Added to CISA KEV
Apr 14, 2026 - 19:37 cisa
CISA KEV
PoC Detected
Apr 14, 2026 - 19:37 vuln.today
Public exploit code
Added to CISA KEV
Apr 14, 2026 - 17:47 CISA
EUVD ID Assigned
Apr 14, 2026 - 17:46 euvd
EUVD-2026-22587
Analysis Generated
Apr 14, 2026 - 17:46 vuln.today
Patch released
Apr 14, 2026 - 17:46 nvd
Patch available
CVE Published
Apr 14, 2026 - 16:58 nvd
MEDIUM 6.5

DescriptionCVE.org

Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.

Articles & Coverage 1

POC CVE-2026-32201: Microsoft SharePoint Input Validation Bypass Enables Spoofing Attacks Apr 22, 2026

AnalysisAI

Improper input validation in Microsoft SharePoint Server enables network-based spoofing attacks without authentication, allowing attackers to forge communications and deceive users. Affects SharePoint Enterprise Server 2016, SharePoint Server 2019, and SharePoint Server Subscription Edition. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Craft spoofed SharePoint request
Delivery
Bypass input validation
Exploit
Forge user identity
Execution
Execute unauthorized action
Impact
Compromise data integrity
Sign in to reveal

Vulnerability AssessmentAI

Risk Assessment Despite a moderate CVSS score of 6.5, this vulnerability presents elevated operational risk due to convergent high-confidence signals. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker sends a crafted network request to a SharePoint server without credentials, exploiting improper input validation to forge the origin or identity of the request. The request bypasses authentication checks and spoofs a trusted internal user or system, allowing the attacker to perform actions (such as modifying documents, stealing data, or initiating secondary attacks) that appear to originate from a legitimate SharePoint user. …
Remediation Apply vendor-released patches immediately: upgrade SharePoint Enterprise Server 2016 to 16.0.5548.1003 or later, SharePoint Server 2019 to 16.0.10417.20114 or later, or SharePoint Server Subscription Edition to 16.0.19725.20210 or later. … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-32201 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy