Microsoft has released its most recent Patch Tuesday updates addressing 165 vulnerabilities, which includes a SharePoint zero-day that has been actively exploited.
The SharePoint Server vulnerability in question is identified as CVE-2026-32201 and is categorized as a spoofing issue.
Microsoft has rated it as having an ‘important’ severity level, assigning it a CVSS score of 6.5.
According to Microsoft, “Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network,” indicating that an attacker could potentially exploit this vulnerability to gain access to sensitive data and modify it.
As of now, it remains uncertain who is responsible for the zero-day attacks related to CVE-2026-32201 and what their intentions may be. There is currently no publicly available information, and Microsoft has not disclosed the identity of the individual or entity that reported this security vulnerability.
However, given the vendor’s concise description, it is plausible that CVE-2026-32201 might be combined with other vulnerabilities.
Historically, SharePoint vulnerabilities have been frequently targeted. The CISA’s Known Exploited Vulnerabilities (KEV) catalog lists 10 SharePoint vulnerabilities as of now.
CVE-2026-32201 has been included in CISA’s KEV list, with federal agencies instructed to implement patches by April 28.
Among the other vulnerabilities that Microsoft addressed in its April 2026 Patch Tuesday updates, 19 have been rated with an exploitability level of ‘exploitation more likely’, suggesting that they may be targeted in future attacks.
One notable vulnerability is CVE-2026-33825, which pertains to a privilege escalation issue in Microsoft Defender that the company acknowledges was disclosed publicly prior to the release of patches.
Security vulnerabilities within Windows components such as Boot Loader, Active Directory, Remote Desktop, Hello, Storage Space Controllers, Search, TDI Translation Driver, BitLocker, Management Console, TCP/IP, Common Log File System Driver, UPnP Device Host, COM, Shell, Function Discovery Service, and Desktop Window Manager are also at an increased risk of being exploited in the future.
Satnam Narang, a senior staff research engineer at Tenable, noted that this is the second-largest Patch Tuesday update ever, just slightly below the record set in October 2025.
In a related note, Adobe has addressed over 50 vulnerabilities across 11 products in its latest round of Patch Tuesday updates.
