
Over 1,300 Microsoft SharePoint servers vulnerable to spoofing attacks

Why This Matters

The ongoing exposure of over 1,300 unpatched Microsoft SharePoint servers to a critical spoofing vulnerability highlights significant security risks for organizations relying on these systems. Failure to patch leaves sensitive information vulnerable to malicious actors, emphasizing the importance of timely updates and proactive cybersecurity measures for both industry and consumers.

Key Takeaways

Over 1,300 Microsoft SharePoint servers exposed online remain unpatched against a spoofing vulnerability that was exploited as a zero-day and is still being abused in ongoing attacks.

The security flaw, tracked as CVE-2026-32201, affects SharePoint Enterprise Server 2016, SharePoint Server 2019, and SharePoint Server Subscription Edition (the latest on-premises version, which uses a "continuous update" model).

As Microsoft explained when it patched this security issue as part of the April 2026 Patch Tuesday, the flaw is an improper input validation weakness that lets threat actors without privileges perform network spoofing in low-complexity attacks that don't require user interaction.

"An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality), make changes to disclosed information (Integrity), but cannot limit access to the resource (Availability)," it said.

While Microsoft flagged the vulnerability as a zero-day, it has yet to disclose how it was exploited in attacks or link this malicious activity to a specific threat actor or hacking group.

On Tuesday, Internet security watchdog group Shadowserver warned that over 1,300 unpatched Microsoft SharePoint servers exposed online are still waiting to be secured, with fewer than 200 systems patched since Microsoft released CVE-2026-32201 security updates last week.

[Figure: SharePoint servers vulnerable to CVE-2026-32201 attacks (Shadowserver)]

The same day Microsoft released patches for CVE-2026-32201, CISA added the vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog.

The U.S. cybersecurity agency also ordered Federal Civilian Executive Branch (FCEB) agencies (executive branch non-military agencies, such as the Department of the Treasury and the Department of Homeland Security) to patch SharePoint servers within two weeks, by April 28, as mandated by the Binding Operational Directive (BOD) 22-01.

"This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise," it warned.
