Unpatched SharePoint spoofing flaw leaves 1,300+ servers at risk

More than 1,300 publicly reachable Microsoft SharePoint servers remain unpatched for CVE-2026-32201, a spoofing vulnerability that was exploited as a zero-day and can let attackers view and alter sensitive data without user interaction. The bug affects SharePoint Server 2016, 2019, and Subscription Edition; Microsoft issued patches in the April 2026 Patch Tuesday, but Shadowserver reports fewer than 200 systems updated so far. CISA added the flaw to its Known Exploited Vulnerabilities catalog and ordered FCEB agencies to patch within two weeks, while Microsoft has not tied attacks to a specific actor. The vulnerability impacts confidentiality and integrity, not availability.

- Over 1,300 Microsoft SharePoint servers vulnerable to spoofing attacks (BleepingComputer)
- Patch Tuesday, April 2026 Edition (Krebs on Security)
- Microsoft Issues Patches for SharePoint Zero-Day and 168 Other New Vulnerabilities (The Hacker News)
- KB5083769: Microsoft updates Media Creation Tool for Windows 11 USB installations (Neowin)
- Microsoft Discloses ‘Monstrous’ Number Of Bugs As AI Discoveries Surge: Researcher (crn.com)