COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2026-32201

CVE-2026-32201

Severity
high · on CISA KEV actively exploited
Source
CISA-KEV · kev
Published
2026-04-14
Reference
https://nvd.nist.gov/vuln/detail/CVE-2026-32201
⌖ exploited in the wild shame 45/100 exploited-in-wildsupply-chaindata-breach

Microsoft SharePoint Server is actively exploited via CVE-2026-32201, enabling network spoofing that threatens DIB data integrity and trust.

This improperly validated input allows attackers to spoof network traffic against Microsoft SharePoint Server, a critical component in many DIB environments. While not an RCE or zero-day, the active exploitation status indicates widespread compromise potential, requiring immediate patching and network segmentation to prevent data exfiltration or session hijacking.

Shame score — Active exploitation of a known vulnerability in a widely deployed product indicates a systemic failure in patch management and security hygiene.

Players implicated

Microsoft · vendorSharePoint Server · product

Description

Microsoft SharePoint Server contains an improper input validation vulnerability that allows an unauthorized attacker to perform spoofing over a network.

Affected FedRAMP products 4 in the catalog

ProductProviderStatusMatch
Azure Commercial Cloud Microsoft Authorized vendor-exact · 0.90
Azure Government (includes Dynamics 365) Microsoft Authorized vendor-exact · 0.90
Microsoft Office 365 GCC High Microsoft In Process vendor-exact · 0.90
Office 365 Multi-Tenant & Supporting Services Microsoft Authorized vendor-exact · 0.90