Critical Microsoft SharePoint Server 0-Day Actively Exploited


David kimber
April 15, 2026

Key Takeaways

  • A critical zero-day spoofing vulnerability in Microsoft SharePoint Server is being actively exploited in the wild.
  • The flaw, CVE-2026-32201, affects SharePoint Server Subscription Edition, 2019, and 2016 versions.
  • It allows unauthenticated remote attackers to perform spoofing attacks, potentially leading to information disclosure and data tampering.
  • Microsoft released emergency security updates for all affected versions on April 14, 2026.

Microsoft SharePoint Server Zero-Day Under Active Exploitation

Microsoft has confirmed that a critical zero-day spoofing vulnerability impacting its SharePoint Server platform is currently under active exploitation. The revelation came on April 14, 2026, as part of the company’s routine monthly security update cycle, highlighting an urgent threat to organizations utilizing the popular enterprise collaboration software.

Vulnerability Details and Impact

The flaw, identified as CVE-2026-32201, affects multiple versions of SharePoint Server. Microsoft rates it “Important”, with a CVSS base score of 6.5 and a temporal score of 6.0, the reduction reflecting the immediate availability of a patch. The vulnerability stems from inadequate input validation (CWE-20) in Microsoft Office SharePoint, which allows unauthenticated remote attackers to carry out spoofing attacks over a network.

The vulnerability’s characteristics make it particularly attractive to threat actors. Its attack vector is classified as Network-based, with low attack complexity, and requires neither elevated privileges nor user interaction. These factors combine to create a low-barrier entry point for adversaries targeting enterprise SharePoint deployments.

Microsoft’s official advisory indicates that successful exploitation could enable attackers to gain unauthorized access to sensitive information and manipulate disclosed data. Availability of the targeted resource is not affected, and the impacts on confidentiality and integrity are each rated Low. However, the absence of authentication requirements, coupled with confirmed active exploitation, significantly elevates the real-world risk associated with this flaw.

In-the-Wild Exploitation Confirmed

The urgency surrounding CVE-2026-32201 is underscored by Microsoft’s “Exploitation Detected” assessment, confirming that active attacks were observed prior to the public release of patches. The exploit code maturity is rated as Functional, and report confidence is Confirmed, placing this vulnerability at the highest tier for enterprise patching priorities.

The fact that the flaw was not publicly known before Microsoft’s patch release suggests it was weaponized as a true zero-day by malicious actors before a coordinated disclosure could take place. This scenario demands immediate attention from IT security teams.

Available Patches

Microsoft has promptly released security updates for all three impacted SharePoint Server versions. These updates were made available on April 14, 2026, and Microsoft has explicitly stated that customer action is required for each affected product:

  • SharePoint Server Subscription Edition: KB5002853, Build 16.0.19725.20210
  • SharePoint Server 2019: KB5002854, Build 16.0.10417.20114
  • SharePoint Enterprise Server 2016: KB5002861, Build 16.0.5548.1003

Organizations are strongly advised to treat these as emergency updates given the confirmed active exploitation status.

SharePoint Server remains a cornerstone of enterprise collaboration globally, making it a prime target for both state-sponsored and financially motivated threat groups. Spoofing vulnerabilities in such critical tools can serve as initial entry points for more extensive attacks, including lateral movement within networks, credential harvesting, or business email compromise (BEC) schemes.

Microsoft has acknowledged the security community’s collaborative efforts in the coordinated disclosure process for this vulnerability.

What You Should Do

  • Immediately apply the respective security updates for all affected SharePoint Server versions.
  • Thoroughly audit SharePoint Server access logs for any signs of unusual network-based spoofing activity or anomalous authentication patterns.
  • Restrict external-facing SharePoint instances where feasible until all necessary patches have been successfully applied.
  • Actively monitor relevant threat intelligence feeds for any indicators of compromise (IOCs) linked to active exploitation campaigns.
  • Ensure that SharePoint Server instances are not directly exposed to the internet without robust layered defenses, such as Web Application Firewall (WAF) rules or stringent network segmentation.
