Vulnerabilities ›

CVE-2026-32201

Medium 🇺🇸 CISA KEV

CWE-20 — Weakness Type

                    Published: Apr 14, 2026                      ·  Modified: Apr 17, 2026                      ·  Source: NVD                

CVSS v3

6.5

🔗 NVD Official

📄 Description (English)

Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.

🤖 AI Executive Summary

CVE-2026-32201 is a medium-severity vulnerability in Microsoft Office SharePoint that allows attackers to perform spoofing attacks due to improper input validation. The vulnerability can be exploited over a network without requiring authentication, potentially compromising document integrity and user trust.

📄 Description (Arabic)

تسمح هذه الثغرة للمهاجمين بتنفيذ هجمات التزييف على SharePoint من خلال المدخلات غير المتحققة منها. قد يؤدي الاستغلال إلى تزييف المستندات والمحتوى وانتحال شخصية المستخدمين الشرعيين. التأثير محدود بسبب عدم الحاجة إلى امتيازات عالية لكن قد يؤثر على سلامة البيانات.

🤖 ملخص تنفيذي (AI)

This vulnerability affects Microsoft Office SharePoint through improper input validation, enabling network-based spoofing attacks. Organizations using SharePoint for document management and collaboration face risks of content manipulation and user impersonation.

🤖 AI Intelligence Analysis Analyzed: May 12, 2026 04:37

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: high

🏢 Affected Saudi Sectors

government banking telecom energy healthcare

🎯 MITRE ATT&CK Techniques

T1566 T1598 T1187

⚖️ Saudi Risk Score (AI)

6.0

/ 10.0

🔧 Remediation Steps (English)

Update Microsoft Office SharePoint to the latest patched version immediately. Implement network segmentation to restrict SharePoint access. Enable multi-factor authentication for all SharePoint users. Deploy input validation controls and Web Application Firewall rules to detect spoofing attempts. Monitor SharePoint logs for suspicious activity.

🔧 خطوات المعالجة (العربية)

قم بتحديث Microsoft Office SharePoint إلى أحدث إصدار معدل فوراً. طبق تقسيم الشبكة لتقييد الوصول إلى SharePoint. فعّل المصادقة متعددة العوامل لجميع المستخدمين. نشّر قواعد التحقق من المدخلات وجدران حماية تطبيقات الويب. راقب سجلات SharePoint للنشاط المريب.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

5.2 5.3 6.1

🔵 SAMA CSF

AC-2 AC-3 SI-10

🟡 ISO 27001:2022

A.9.2.1 A.9.4.3 A.14.2.1

🔗 References & Sources 2

🔗

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32201

secure@microsoft.com

Vendor Advisory

🔗

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-32201

134c704f-9b21-4f2e-91b3-4a467353bcc0

US Government Resource

📦 Affected Products / CPE 3 entries

microsoft:sharepoint_server

microsoft:sharepoint_server:2016

microsoft:sharepoint_server:2019

📊 CVSS Score

6.5

/ 10.0 — Medium

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredN — None / Network

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityL — Low / Local

IntegrityL — Low / Local

AvailabilityN — None / Network

📋 Quick Facts

Severity Medium

CVSS Score6.5

CWECWE-20

EPSS7.94%

Exploit No

Patch ✗ No

CISA KEV🇺🇸 Yes

Published 2026-04-14

Source Feed nvd

🇸🇦 Saudi Risk Score

6.0

/ 10.0 — Saudi Risk

Priority: MEDIUM

🏷️ Tags

CWE-20

🏢 Vendor Advisories

🔗 https://msrc.microsoft.com/update-guide/vulnerabilit...

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

💬 Comments

Loading comments

CVE-2026-32201

💬 Comments

Introduce Yourself

Sign In Required