CVE-2026-32201
Spoofing via Improper Input Validation in Microsoft SharePoint
Publication date: 2026-04-14
Last updated on: 2026-04-14
Assigner: Microsoft Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| microsoft | sharepoint_server | 2019 |
| microsoft | sharepoint_server | 2016 |
| microsoft | sharepoint_server | to 16.0.19725.20210 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves improper input validation in Microsoft Office SharePoint. It allows an unauthorized attacker to perform spoofing attacks over a network.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify how this vulnerability impacts compliance with common standards and regulations such as GDPR or HIPAA.
How can this vulnerability impact me? :
The vulnerability can impact you by enabling an attacker to spoof identities or data over the network, potentially misleading users or systems. This can lead to limited confidentiality and integrity issues, as indicated by the CVSS score.