top of page
perceptive_background_267k.jpg

Over 1,300 Microsoft SharePoint servers vulnerable to spoofing attacks

Published:

22 April 2026 at 06:53:02

Alert date:

22 April 2026 at 07:01:02

Source:

bleepingcomputer.com

Click to open the original link from this advisory

Enterprise Applications, Zero-Day Vulnerabilities

Over 1,300 Microsoft SharePoint servers remain unpatched against a spoofing vulnerability that was initially exploited as a zero-day attack. The vulnerability is still being actively exploited in ongoing attacks against exposed SharePoint servers. This represents a significant security risk for organizations running unpatched SharePoint installations. The vulnerability allows attackers to perform spoofing attacks against vulnerable servers. Organizations should prioritize patching their SharePoint servers to prevent exploitation.

Technical details

CVE-2026-32201 is a spoofing vulnerability affecting SharePoint servers that allows threat actors without privileges to perform network spoofing by exploiting an improper input validation weakness. The attacks are low-complexity and don't require user interaction. Successful exploitation allows attackers to view sensitive information (Confidentiality) and make changes to disclosed information (Integrity), but cannot limit access to the resource (Availability). The vulnerability was exploited as a zero-day and is still being abused in ongoing attacks.

Mitigation steps:

Apply Microsoft security updates released in April 2026 Patch Tuesday to patch CVE-2026-32201. Follow vendor instructions for mitigations. Federal agencies must patch SharePoint servers by April 28, 2026 as mandated by BOD 22-01. Follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Affected products:

SharePoint Enterprise Server 2016
SharePoint Server 2019
SharePoint Server Subscription Edition

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-32201
https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2026-32201
https://dashboard.shadowserver.org/statistics/combined/time-series/?date_range=7&source=http_vulnerable&source=http_vulnerable6&tag=cve-2026-32201%2B&dataset=unique_ips&group_by=geo&stacking=stacked&auto_update=on
https://www.cisa.gov/news-events/alerts/2026/04/14/cisa-adds-two-known-exploited-vulnerabilities-catalog
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2026-32201
https://www.bleepingcomputer.com/news/microsoft/microsoft-april-2026-patch-tuesday-fixes-167-flaws-2-zero-days/

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page