⚠ Actively exploited
Added to CISA KEV on 2026-04-14. Federal agencies required to patch by 2026-04-28. Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable..
CVE-2026-32201 — Improper Input Validation in Microsoft Sharepoint Enterprise Server 2016
Severity
6.5MEDIUMNVD
EPSS
0.8%
top 25.76%
CISA KEV
KEV
Added 2026-04-14
Due 2026-04-28
Exploit
No known exploits
Affected products
Timeline
PublishedApr 14
KEV addedApr 14
KEV dueApr 28
CISA Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Description
Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:NExploitability: 3.9 | Impact: 2.5
Affected Packages4 packages
🔴Vulnerability Details
4GHSA▶
GHSA-jmj9-qm9w-hrqj: Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network↗2026-04-14