Over 1,300 Microsoft SharePoint servers remain unpatched against CVE-2026-32201, a spoofing vulnerability that was exploited as a zero-day and continues to be abused in active attacks. The flaw affects SharePoint Enterprise Server 2016, SharePoint Server 2019, and the Subscription Edition. Caused by improper input validation, it allows unprivileged attackers to perform network spoofing without user interaction. Microsoft patched the issue in the April 2026 Patch Tuesday release, and CISA added it to its Known Exploited Vulnerabilities catalog, ordering federal agencies to patch by April 28. Shadowserver reports that fewer than 200 systems have been patched since the fix was released.