CVE-2026-32201CISA KEV: Actively Exploited

Microsoft SharePoint Server Improper Input Validation Vulnerability

Published Apr 14, 2026·Updated Apr 14, 2026

Description

Microsoft SharePoint Server contains an improper input validation vulnerability that allows an unauthorized attacker to perform spoofing over a network.

Public Exploits & PoCs1 found

[POC] CVE-2026-32201 — CVE-2026-32201-exploit

A spoofing vulnerability exists in Microsoft SharePoint Server due to improper input validation. An unauthenticated attacker can send a specially crafted HTTP request to inject malicious JavaScript (reflected XSS), which executes in the security context of the SharePoint site.

References

View on NVD Search GitHub Search Google

Get alerted for CVEs like this

Start monitoring free