
Microsoft SharePoint
Microsoft collaboration platform; spoofing zero-day CVE-2026-32201 actively exploited at the time of the April 2026 Patch Tuesday release.
Last refreshed: 17 April 2026 · Appears in 1 active topic
Was SharePoint being actively hacked on the same day Microsoft released the patch?
Timeline for Microsoft SharePoint
Handala wipes 200,000 devices at Stryker
Cybersecurity: Threats and Defences
GRU hijacks home routers for M365 logins
Cybersecurity: Threats and Defences
- Is SharePoint being actively hacked in 2026?
- Yes. CVE-2026-32201, an Improper Input Validation vulnerability in SharePoint Server, was added to CISA's Known Exploited Vulnerabilities catalogue in April 2026 as actively exploited at the time of Microsoft's Patch Tuesday disclosure.
Source: CISA KEV
Background
CVE-2026-32201, an Improper Input Validation vulnerability in Microsoft SharePoint Server, was added to the CISA Known Exploited Vulnerabilities catalogue as actively exploited at the time of the April 2026 Patch Tuesday release. Because exploitation was already under way when the fix shipped, organisations running SharePoint Server were exposed at the moment Microsoft disclosed the vulnerability, before they had any opportunity to apply the patch.
Microsoft SharePoint is Microsoft's enterprise document management and collaboration platform, used by hundreds of thousands of organisations for intranet portals, document libraries and workflow automation. Its deep integration with Microsoft 365 and Active Directory makes it a high-value target: a SharePoint vulnerability with server-side request forgery, authentication bypass or code-execution characteristics can provide a pivot into the broader M365 tenant and on-premises AD environment.
For enterprises on SharePoint Server (as opposed to SharePoint Online), the April CVE is a patch-now obligation under KEV for federal agencies and a high-priority item for enterprise patch teams. The active-at-disclosure pattern also appears in the F5 reclassification story in this update: defenders are consistently in a reactive position against vulnerabilities being exploited before or simultaneously with patch availability.