Medium-severity flaw in Microsoft SharePoint exploited - Cybersecurity Dive

Medium-severity flaw in Microsoft SharePoint exploited The flaw should be taken seriously, despite its relatively low score, according to researchers. Published April 15, 2026 • Updated April 16, 2026 David Jones Reporter Share License Add us on Google Microsoft’s headquarters in Redmond, Washington, on July 3, 2024. A medium-severity flaw in SharePoint is facing exploitation as of April 14, 2026. Getty Images Researchers warn that hackers are exploiting a medium-grade flaw in Microsoft SharePoint.  The vulnerability, tracked as CVE-2026-32201, stems from improper input validation in SharePoint, which allows an unauthorized attacker to conduct spoofing activity over a network. The vulnerability has a severity score of 6.5.  A successful attack can allow a hacker to view and make changes to confidential information, according to a security update from Microsoft. Researchers from threat intelligence firm Defused posted to X saying they are tracking a coordinated reconnaissance campaign targeting SharePoint across four IPs.  The activity involves four hosting providers sequenced from April 1 to April 11.  The Cybersecurity and Infrastructure Security Agency on Wednesday added the vulnerability to the Known Exploited Vulnerabilities catalog. Microsoft initially offered limited details about the spoofing vulnerability, confirming that it was “mitigated,” according to a spokesperson. The company later shared some additional guidance, which included mitigation steps. The guidance also referenced a separate cross-site scripting vulnerability in SharePoint, tracked as CVE-2026-20945, which involves the improper neutralization of input during web page generation. The cross-site scripting vulnerability has not been exploited, according to Microsoft..   The disclosure comes about a month after a prior SharePoint vulnerability, tracked as CVE-2026- 20963, was added to the KEV catalog by CISA. That vulnerability is due to deserialization of untrusted data and has a severity score of 9.8. Hundreds of SharePoint customers were targeted in a massive exploitation campaign in 2025, dubbed ToolShell. The 2025 campaign involved targeting of a remote code injection flaw, tracked as CVE-2025-49704 and a network spoofing vulnerability, tracked as CVE-2025-49706. Editor’s note: Updates with additional information from Microsoft. Add us on Google Share PURCHASE LICENSING RIGHTS Filed Under: Vulnerability