Exposures › CVE-2026-32201
Microsoft SharePoint Server is actively exploited via CVE-2026-32201, enabling network spoofing that threatens DIB data integrity and trust.
This improperly validated input allows attackers to spoof network traffic against Microsoft SharePoint Server, a critical component in many DIB environments. While not an RCE or zero-day, the active exploitation status indicates widespread compromise potential, requiring immediate patching and network segmentation to prevent data exfiltration or session hijacking.
Shame score — Active exploitation of a known vulnerability in a widely deployed product indicates a systemic failure in patch management and security hygiene.
Microsoft SharePoint Server contains an improper input validation vulnerability that allows an unauthorized attacker to perform spoofing over a network.
| Product | Provider | Status | Match |
|---|---|---|---|
| Azure Commercial Cloud | Microsoft | Authorized | vendor-exact · 0.90 |
| Azure Government (includes Dynamics 365) | Microsoft | Authorized | vendor-exact · 0.90 |
| Microsoft Office 365 GCC High | Microsoft | In Process | vendor-exact · 0.90 |
| Office 365 Multi-Tenant & Supporting Services | Microsoft | Authorized | vendor-exact · 0.90 |