Unpatched SharePoint spoofing flaw leaves 1,300+ servers at risk
More than 1,300 publicly reachable Microsoft SharePoint servers remain unpatched for CVE-2026-32201, a spoofing vulnerability that was exploited as a zero-day and can let attackers view and alter sensitive data without user interaction. The bug affects SharePoint Server 2016, 2019, and Subscription Edition; Microsoft issued patches in the April 2026 Patch Tuesday, but Shadowserver reports fewer than 200 systems updated so far. CISA added the flaw to its Known Exploited Vulnerabilities catalog and ordered FCEB agencies to patch within two weeks, while Microsoft has not tied attacks to a specific actor. The vulnerability impacts confidentiality and integrity, not availability.