"The exploited SharePoint Server vulnerability is tracked as CVE-2026-32201 and it has been described as a spoofing issue. Microsoft assigned it an 'important' severity rating with a CVSS score of 6.5."
"Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network. An attacker may be able to exploit the flaw to access sensitive information and alter it."
"CVE-2026-32201 has already been added to CISA's KEV list, and federal agencies have been instructed to patch it by April 28."
"Of the remaining vulnerabilities patched by Microsoft, 19 have an exploitability rating of 'exploitation more likely', indicating they may be exploited in attacks."
Microsoft's latest Patch Tuesday updates resolve 165 vulnerabilities, notably including a zero-day exploit in SharePoint Server, tracked as CVE-2026-32201. This vulnerability is a spoofing issue with a CVSS score of 6.5. An attacker can exploit it to access and alter sensitive information. The vulnerability has been added to CISA's Known Exploited Vulnerabilities catalog, with federal agencies required to patch it by April 28. Additionally, 19 other vulnerabilities have an increased likelihood of exploitation, including a Microsoft Defender privilege escalation issue.
Read at SecurityWeek
Unable to calculate read time
Collection
[
|
...
]