SharePoint Server spoofing vulnerability allowing unauthorized attackers to exploit via network access without authentication or user interaction. Listed in CISA KEV indicating active exploitation.
Data Source: CIRCL
Confidence: HIGH
Exploitation Method: DIRECT_NETWORK
CVE Published: 2026-04-14
Added to CISA KEV: 2026-04-14 0 DAY BETWEEN CVE AND KEV
Regarding CVE-2026-32201, the available information does not specifically detail its exploitation status, attack vectors, or whether it has been used in targeted attacks. However, CISA's Known Exploited Vulnerabilities (KEV) Catalog is a resource that lists vulnerabilities with evidence of active exploitation [1][5].
CISA adds vulnerabilities to the KEV Catalog based on evidence of active exploitation [5][6]. This catalog is considered an authoritative source of vulnerabilities that have been exploited in the wild and is intended to help organizations prioritize their vulnerability management [1]. The catalog is maintained under Binding Operational Directive 22-01, which focuses on vulnerabilities posing a significant risk to federal networks [3].
While specific details for CVE-2026-32201 are not provided, the KEV catalog includes vulnerabilities that have crossed the line into real-world abuse [3]. Successful exploitation of some vulnerabilities listed in the catalog may lead to consequences such as remote code execution to exfiltrate usernames and hashed passwords [4].
There is no information available regarding whether CVE-2026-32201 specifically affects internet-facing applications or services, nor are there details on its technical exploitability in that context. The catalog is updated based on daily open-source searches and information from vendor security advisories [2].
For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catal…
CISA adds the reported actively exploited vulnerabilities to the KEV catalog, provided they meet BOD 22-01 requirements. Exploited vulnerabilities CISA uncovers through incident response efforts are also added to the KEV catalog. CISA analysts perform daily open-source searches for vulnerabilities.
CISA’s Known Exploited Vulnerabilities (KEV) Catalog has become one of the most operationally useful artifacts in modern vulnerability management. It is not a ranking of the scariest CVEs on paper; it is a living list of flaws that have already crossed the line into real-world abuse. CISA created th…
Successful exploitation may cause remote code execution to exfiltrate usernames and hashed passwords for the local device admin (s), portal admins, and user accounts used for remote access (but not external Active Directory or LDAP passwords).
CISA has added seven new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.