Security researchers are warning that a medium-severity vulnerability in Microsoft SharePoint is being actively exploited in the wild. The flaw, tracked as CVE-2026-32201, is a spoofing vulnerability that arises from improper input validation within the platform.
According to Microsoft's security advisory, an unauthenticated attacker could exploit this vulnerability by tricking a user into clicking a specially crafted link. Successful exploitation would allow the attacker to conduct a spoofing attack, potentially leading users to believe they are interacting with a legitimate SharePoint site when they are not.
Microsoft has released security updates to address this vulnerability. The company rates the flaw as "Important" in severity, not "Critical," but emphasizes that exploitation has been detected. The updates are included in the April 2026 Patch Tuesday releases for affected versions of SharePoint Server.
Administrators are urged to apply the relevant patches immediately. Microsoft also recommends reviewing the security advisory for specific update guidance based on the installed version of SharePoint Server.
