By Eduard Kovacs
Publication Date: 2026-04-14 18:14:00
Microsoft’s latest Patch Tuesday updates fix 165 vulnerabilities, including a SharePoint zero-day that has been exploited in the wild.
The exploited SharePoint Server vulnerability is tracked as CVE-2026-32201 and it has been described as a spoofing issue.
Microsoft assigned it an ‘important’ severity rating with a CVSS score of 6.5.
“Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network,” Microsoft said, adding that an attacker may be able to exploit the flaw to access sensitive information and alter it.
It’s unclear who is behind the zero-day attacks exploiting CVE-2026-32201 and what their motivation is. At the time of writing no information appears to be available and Microsoft has yet to say who reported the security hole.
However, based on the vendor’s brief description it’s possible that CVE-2026-32201 is being chained with other weaknesses.