A medium-severity vulnerability in Microsoft SharePoint is vulnerable across about 1,370 IPs worldwide, according to researchers at ShadowServer.
Tracked as CVE-2026-32201, the vulnerability is linked to improper input validation in the widely used software. If successfully exploited, an attack would be able to conduct spoofing activity across a network.
The vulnerability has a severity score of only 6.5, but researchers warn the threat is more serious than the score suggests.
The Cybersecurity and Infrastructure Security Agency added the flaw to its Known Exploited Vulnerabilities catalog.
Shadowserver researchers said the number of exposed IPs is down from a week ago, when about 1,745 were found to be unpatched.
The U.S. and Germany are the most widely exposed countries, Shadowserver said.
Microsoft urged users to immediately apply security updates to address the flaw. The company last week released specific guidance on how to mitigate against vulnerabilities in SharePoint.
In March, a vulnerability tracked as CVE-2026-29963, was added to the KEV catalog by CISA. That vulnerability related to deserialization of untrusted data.
