CVE-2026-32201

MEDIUM KEV

Microsoft SharePoint Server Spoofing Vulnerability

Title source: cna

Exploitation Summary

CVE-2026-32201 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added April 14, 2026. EIP tracks 1 public exploit from researchers including B1tBit.

AI-analyzed exploit summary: This repository contains a functional Python exploit for CVE-2026-32201, demonstrating an improper input validation vulnerability in Microsoft SharePoint Server that allows unauthenticated network spoofing. The exploit sends a crafted POST request to a vulnerable endpoint, bypassing input validation to spoof sender information.

Description

Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.

Exploits (1)

nomisec WORKING POC
by B1tBit · remote
https://github.com/B1tBit/CVE-2026-32201-exploit

Classification: Working PoC 95%
Attack Type: Spoofing
Complexity: Moderate
Reliability: Reliable
Target: Microsoft SharePoint Server 2016 Enterprise, 2019, Subscription Edition < 16.0.19725.20210
No auth needed
Prerequisites: Target SharePoint Server URL · Recipient email · Spoofed sender email
devstral-2 · analyzed Apr 23, 2026

References (2)

Core References
Vendor Advisory vendor-advisory patch
Microsoft SharePoint Server Spoofing Vulnerability
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32201

Scores

CVSS v3 6.5
EPSS 0.0789
EPSS Percentile 92.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation active
Automatable yes
Technical Impact partial

Details

CISA KEV 2026-04-14
VulnCheck KEV 2026-04-14
ENISA EUVD EUVD-2026-22587
CWE CWE-20
Status published
Products (6)
Microsoft/Microsoft SharePoint Enterprise Server 2016 16.0.0 - 16.0.5548.1003
Microsoft/Microsoft SharePoint Server 2019 16.0.0 - 16.0.10417.20114
Microsoft/Microsoft SharePoint Server Subscription Edition 16.0.0 - 16.0.19725.20210
microsoft/sharepoint_server 2016
microsoft/sharepoint_server 2019
microsoft/sharepoint_server < 16.0.19725.20210
Published Apr 14, 2026
KEV Added Apr 14, 2026
Tracked Since Apr 14, 2026