Microsoft patches actively exploited zero-day flaw in SharePoint Server

Microsoft has released its April 2026 Patch Tuesday update to address 165 vulnerabilities across its product suite. The release includes an urgent fix for CVE-2026-32201, an actively exploited zero-day flaw in SharePoint Server. The vulnerability carries a severity score of 6.5 and allows attackers to bypass authentication on internet-facing servers. This cross-site scripting flaw enables hackers to inject malicious scripts and execute JavaScript directly in a user's browser for session hijacking or phishing. The US Cybersecurity and Infrastructure Security Agency has added the flaw to its Known Exploited Vulnerabilities catalog. Federal agencies have until April 28 to apply the patch.
IT teams migrating to Microsoft 365 often leave legacy on-premises SharePoint servers running to host old archives or custom applications. Because these servers sit quietly in the background and require no active maintenance, administrators frequently exclude them from routine security audits and patch cycles. This zero-day turns those forgotten servers into immediate liabilities. Attackers are actively scanning for unpatched internet-facing SharePoint instances to hijack user sessions and deploy ransomware. A single unpatched legacy server can now compromise credentials that grant access to your modern cloud environment.
Analysis
Do not assume you are safe just because your primary intranet lives in SharePoint Online. Check your infrastructure today for any lingering on-premises SharePoint servers you kept alive for legacy file archives. If you find one, patch it immediately or disconnect it from the internet entirely.
Pulse published by Collab365 Spaces. Cite as "Microsoft patches actively exploited zero-day flaw in SharePoint Server", Collab365 Spaces.