SharePoint Server spoofing vulnerability allowing unauthorized attackers to exploit via network access without authentication or user interaction. Listed in CISA KEV indicating active exploitation.
Data Source: CIRCL
Confidence: HIGH
Exploitation Method: DIRECT_NETWORK
CVE Published: 2026-04-14
Added to CISA KEV: 2026-04-14 0 DAY BETWEEN CVE AND KEV
For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.How to use the KEV ...
CISA adds the reported actively exploited vulnerabilities to the KEV catalog, provided they meet BOD 22-01 requirements. Exploited vulnerabilities CISA uncovers through incident response efforts are also added to the KEV catalog. CISA analysts perform daily open-source searches for vulnerabilities. Active exploitation information obtained from vendor security advisories are trusted sources and considered accurate.
CISA’s Known Exploited Vulnerabilities (KEV) Catalog has become one of the most operationally useful artifacts in modern vulnerability management. It is not a ranking of the scariest CVEs on paper; it is a living list of flaws that have already crossed the line into real-world abuse. CISA created the catalog under Binding Operational Directive 22-01, which established a remediation framework for vulnerabilities that pose significant risk to federal networks. (cisa.gov) That distinction is crucial.
Successful exploitation may cause remote code execution to exfiltrate usernames and hashed passwords for the local device admin (s), portal admins, and user accounts used for remote access (but not external Active Directory or LDAP passwords).
CISA has added seven new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.