MSRC_CVE-2026-32201 — Vulnetix

MSRC_CVE-2026-32201 PUBLISHED CVSS 6.5 MEDIUM

Risk Scores

CVSS 3.1

6.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:F/RL:O/RC:C

Affected Products

Vendor	Product	Versions
	Microsoft SharePoint Enterprise Server 2016 <16.0.5548.1003
	Microsoft SharePoint Server Subscription Edition <16.0.19725.20210
	Microsoft SharePoint Server 2019 16.0.10417.20114
	Microsoft SharePoint Server 2019 <16.0.10417.20114
	Microsoft SharePoint Enterprise Server 2016 16.0.5548.1003
	Microsoft SharePoint Server Subscription Edition 16.0.19725.20210

Exploit Intelligence

A spoofing vulnerability exists in Microsoft SharePoint Server due to improper input validation. An unauthenticated attacker can send a specially crafted HTTP request to inject malicious JavaScript (reflected XSS), which executes in the security context of the SharePoint site. (github-poc-repo)
A spoofing vulnerability exists in Microsoft SharePoint Server due to improper input validation. An unauthenticated attacker can send a specially crafted HTTP request to inject malicious JavaScript (reflected XSS), which executes in the security context of the SharePoint site. (github-poc)
https://www.first.org/cvss (circl)
https://msrc.microsoft.com/csaf/advisories/2026/msrc_cve-2026-32201.json (circl)
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32201 (circl)
https://support.microsoft.com/help/5002861 (circl)
https://support.microsoft.com/help/5002854 (circl)
https://support.microsoft.com/help/5002853 (circl)
https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1 (circl)
https://support.microsoft.com/lifecycle (circl)

…and 7 more exploits

Timeline

Apr 14, 2026 CVE Published
Apr 15, 2026 Security Advisory
Apr 15, 2026 Security Advisory

References

Open in Interactive Console →

$ Console Community · 100/wk Open console ›