Microsoft’s April 2026 Patch Tuesday fixes 165 vulnerabilities, including a SharePoint Server zero-day tracked as CVE-2026-32201 that has been exploited in the wild. CVE-2026-32201 is an ‘important’ spoofing flaw (CVSS 6.5) added to CISA’s KEV with a federal patch deadline of April 28, and 19 other bugs were flagged as “exploitation more likely”, including a Microsoft Defender privilege escalation. #CVE-2026-32201 #SharePoint #CISA
Keypoints
- Microsoft patched 165 vulnerabilities in April 2026, including an exploited SharePoint zero-day.
- CVE-2026-32201 is a SharePoint Server spoofing vulnerability rated important with a CVSS score of 6.5.
- CVE-2026-32201 was added to CISA’s Known Exploited Vulnerabilities list with a federal patch deadline of April 28.
- Nineteen other fixes were marked “exploitation more likely”, including CVE-2026-33825 in Microsoft Defender.
- Adobe patched over 50 flaws across 11 products, and this Patch Tuesday was the second-largest on record.