Vulnerability-Lookup

CVE-2026-32201 (GCVE-0-2026-32201)

Vulnerability from cvelistv5 – Published: 2026-04-14 16:58 – Updated: 2026-05-12 17:39

CISA KEV

Title

Microsoft SharePoint Server Spoofing Vulnerability

Summary

Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.

Severity

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:F/RL:O/RC:C

CWE

CWE-20 - Improper Input Validation

Assigner

microsoft

References

1 reference

URL	Tags
https://msrc.microsoft.com/update-guide/vulnerabi…	vendor-advisorypatch

Impacted products

3 products

Vendor	Product	Version
Microsoft	Microsoft SharePoint Enterprise Server 2016	Affected: 16.0.0 , < 16.0.5548.1003 (custom)
Microsoft	Microsoft SharePoint Server 2019	Affected: 16.0.0 , < 16.0.10417.20114 (custom)
Microsoft	Microsoft SharePoint Server Subscription Edition	Affected: 16.0.0 , < 16.0.19725.20210 (custom)

Date Public

2026-04-14 14:00

CISA KEV

Known Exploited Vulnerability - GCVE BCP-07 Compliant

KEV entry ID: 6900f11f-52e4-4aca-ba00-96d6ca32b39a

Vulnerability ID: CVE-2026-32201

Status: Confirmed

Status Updated: 2026-04-14 00:00 UTC

Exploited: Yes

Timestamps

First Seen: 2026-04-14

Asserted: 2026-04-14

Scope

Notes: KEV entry: Microsoft SharePoint Server Improper Input Validation Vulnerability | Affected: Microsoft / SharePoint Server | Description: Microsoft SharePoint Server contains an improper input validation vulnerability that allows an unauthorized attacker to perform spoofing over a network. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2026-04-28 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-32201 ; https://nvd.nist.gov/vuln/detail/CVE-2026-32201

Evidence

Type: Vendor Report

Signal: Successful Exploitation

Confidence: 80%

Source: cisa-kev

Details

Cwes	CWE-20
Feed	CISA Known Exploited Vulnerabilities Catalog
Product	SharePoint Server
Due Date	2026-04-28
Date Added	2026-04-14
Vendorproject	Microsoft
Vulnerabilityname	Microsoft SharePoint Server Improper Input Validation Vulnerability
Knownransomwarecampaignuse	Unknown

References

CVE-2026-32201

Created: 2026-04-14 18:00 UTC | Updated: 2026-04-14 18:00 UTC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-32201",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-09T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2026-04-14",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-32201"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-16T03:55:16.734Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-32201"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SharePoint Enterprise Server 2016",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.5548.1003",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SharePoint Server 2019",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.10417.20114",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SharePoint Server Subscription Edition",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.19725.20210",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:sharepoint_server_2016:*:*:*:*:enterprise:*:*:*",
                  "versionEndExcluding": "16.0.5548.1003",
                  "versionStartIncluding": "16.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:sharepoint_server_2019:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "16.0.10417.20114",
                  "versionStartIncluding": "16.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*",
                  "versionEndExcluding": "16.0.19725.20210",
                  "versionStartIncluding": "16.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2026-04-14T14:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:F/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20: Improper Input Validation",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-12T17:39:35.602Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft SharePoint Server Spoofing Vulnerability",
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32201"
        }
      ],
      "title": "Microsoft SharePoint Server Spoofing Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2026-32201",
    "datePublished": "2026-04-14T16:58:36.981Z",
    "dateReserved": "2026-03-11T01:49:58.658Z",
    "dateUpdated": "2026-05-12T17:39:35.602Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2026-32201",
      "cwes": "[\"CWE-20\"]",
      "dateAdded": "2026-04-14",
      "dueDate": "2026-04-28",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-32201 ; https://nvd.nist.gov/vuln/detail/CVE-2026-32201",
      "product": "SharePoint Server",
      "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
      "shortDescription": "Microsoft SharePoint Server contains an improper input validation vulnerability that allows an unauthorized attacker to perform spoofing over a network.",
      "vendorProject": "Microsoft",
      "vulnerabilityName": "Microsoft SharePoint Server Improper Input Validation Vulnerability"
    },
    "epss": {
      "cve": "CVE-2026-32201",
      "date": "2026-05-25",
      "epss": "0.09439",
      "percentile": "0.92913"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-32201\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2026-04-14T18:17:27.160\",\"lastModified\":\"2026-04-14T19:37:08.297\",\"vulnStatus\":\"Undergoing Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secure@microsoft.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":2.5}]},\"cisaExploitAdd\":\"2026-04-14\",\"cisaActionDue\":\"2026-04-28\",\"cisaRequiredAction\":\"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.\",\"cisaVulnerabilityName\":\"Microsoft SharePoint Server Improper Input Validation Vulnerability\",\"weaknesses\":[{\"source\":\"secure@microsoft.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*\",\"versionEndExcluding\":\"16.0.19725.20210\",\"matchCriteriaId\":\"5CA92EAC-72F0-43F4-A8E0-FA40C57AEF01\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"F815EF1D-7B60-47BE-9AC2-2548F99F10E4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6122D014-5BF1-4AF4-8B4D-80205ED7785E\"}]}]}],\"references\":[{\"url\":\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32201\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-32201\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"US Government Resource\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-32201\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-04-15T09:37:39.308837Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2026-04-14\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-32201\"}}}], \"references\": [{\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-32201\", \"tags\": [\"government-resource\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-04-14T17:26:37.680Z\"}}], \"cna\": {\"title\": \"Microsoft SharePoint Server Spoofing Vulnerability\", \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:F/RL:O/RC:C\"}, \"scenarios\": [{\"lang\": \"en-US\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Microsoft\", \"product\": \"Microsoft SharePoint Enterprise Server 2016\", \"versions\": [{\"status\": \"affected\", \"version\": \"16.0.0\", \"lessThan\": \"16.0.5548.1003\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft SharePoint Server 2019\", \"versions\": [{\"status\": \"affected\", \"version\": \"16.0.0\", \"lessThan\": \"16.0.10417.20114\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft SharePoint Server Subscription Edition\", \"versions\": [{\"status\": \"affected\", \"version\": \"16.0.0\", \"lessThan\": \"16.0.19725.20210\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}], \"datePublic\": \"2026-04-14T14:00:00.000Z\", \"references\": [{\"url\": \"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32201\", \"name\": \"Microsoft SharePoint Server Spoofing Vulnerability\", \"tags\": [\"vendor-advisory\", \"patch\"]}], \"descriptions\": [{\"lang\": \"en-US\", \"value\": \"Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en-US\", \"type\": \"CWE\", \"cweId\": \"CWE-20\", \"description\": \"CWE-20: Improper Input Validation\"}]}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:microsoft:sharepoint_server_2016:*:*:*:*:enterprise:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"16.0.5548.1003\", \"versionStartIncluding\": \"16.0.0\"}, {\"criteria\": \"cpe:2.3:a:microsoft:sharepoint_server_2019:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"16.0.10417.20114\", \"versionStartIncluding\": \"16.0.0\"}, {\"criteria\": \"cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"16.0.19725.20210\", \"versionStartIncluding\": \"16.0.0\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"shortName\": \"microsoft\", \"dateUpdated\": \"2026-05-12T17:39:35.602Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-32201\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-12T17:39:35.602Z\", \"dateReserved\": \"2026-03-11T01:49:58.658Z\", \"assignerOrgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"datePublished\": \"2026-04-14T16:58:36.981Z\", \"assignerShortName\": \"microsoft\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

CERTFR-2026-AVI-0445

Vulnerability from certfr_avis - Published: 2026-04-15 - Updated: 2026-04-15

De multiples vulnérabilités ont été découvertes dans les produits Microsoft. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

Microsoft indique que la vulnérabilité CVE-2026-32201 est activement exploitée.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Microsoft	N/A	Microsoft SharePoint Server Subscription Edition versions antérieures à 16.0.19725.20210
Microsoft	N/A	azl3 rubygem-addressable 2.8.5-2 versions antérieures à 2.9.0-1
Microsoft	N/A	Microsoft Power Apps versions antérieures à 3.26032.10.0
Microsoft	N/A	Microsoft SQL Server 2019 pour systèmes x64 (GDR) versions antérieures à 15.0.2165.1
Microsoft	N/A	Microsoft Visual Studio 2017 version 15.9 (inclus 15.0 - 15.8) antérieures à 15.9.79
Microsoft	N/A	Microsoft SQL Server 2022 pour systèmes x64 (GDR) versions antérieures à 16.0.1175.1
Microsoft	N/A	Microsoft Visual Studio Code CoPilot Chat Extension versions antérieures à 0.37.3
Microsoft	N/A	Microsoft Visual Studio 2022 version 17.14 antérieures à 17.14.30
Microsoft	N/A	Microsoft SQL Server 2022 pour systèmes x64 (CU 24) versions antérieures à 16.0.4250.1
Microsoft	N/A	Microsoft SQL Server 2017 pour systèmes x64 (CU 31) versions antérieures à 14.0.3525.1
Microsoft	N/A	Microsoft Visual Studio 2022 version 17.12 antérieures à 17.12.19
Microsoft	N/A	Microsoft SharePoint Server 2019 versions antérieures à 16.0.10417.20114
Microsoft	N/A	azl3 libpng 1.6.56-1 versions antérieures à 1.6.57-1
Microsoft	N/A	Microsoft Visual Studio 2019 version 16.4 (inclus 16.0 - 16.3) antérieures à 16.11.55
Microsoft	N/A	Microsoft SQL Server 2016 pour systèmes x64 Service Pack 3 Azure Connect Feature Pack versions antérieures à 13.0.7080.1
Microsoft	N/A	Microsoft Visual Studio 2019 version 16.11 (inclus 16.0 - 16.10) antérieures à 16.11.55
Microsoft	N/A	Microsoft SQL Server 2025 pour systèmes x64 (GDR) versions antérieures à 17.0.1110.1
Microsoft	N/A	Microsoft SQL Server 2019 pour systèmes x64 (CU 32) versions antérieures à 15.0.4465.1
Microsoft	N/A	Microsoft SQL Server 2017 pour systèmes x64 (GDR) versions antérieures à 14.0.2105.1
Microsoft	N/A	Microsoft SharePoint Enterprise Server 2016 versions antérieures à 16.0.5548.1003
Microsoft	N/A	Microsoft Defender Antimalware Platform versions antérieures à 4.18.26030.3011
Microsoft	N/A	Microsoft HPC Pack 2019 versions antérieures à 6.3.8355
Microsoft	N/A	azl3 golang 1.25.8-1 versions antérieures à 1.25.9-1
Microsoft	N/A	Microsoft SQL Server 2016 pour systèmes x64 Service Pack 3 (GDR) versions antérieures à 13.0.6485.1
Microsoft	N/A	Microsoft Dynamics 365 (on-premises) version 9.0 antérieures à 9.1.0044.0015
Microsoft	N/A	Microsoft SQL Server 2025 pour systèmes x64 (CU3) versions antérieures à 17.0.4030.1
Microsoft	N/A	PowerShell 7.5 versions antérieures à 7.5.5
Microsoft	N/A	PowerShell 7.4 versions antérieures à 7.4.14
Microsoft	N/A	azl3 golang 1.26.1-1 versions antérieures à 1.26.2-1
Microsoft	N/A	azl3 libexif 0.6.24-2 versions antérieures à 0.6.24-3

References

Title

Publication Time

CNVD-2026-19432

Vulnerability from cnvd - Published: 2026-05-08

Title

Microsoft SharePoint Server欺骗漏洞（CNVD-2026-19432）

Description

Microsoft SharePoint Server是美国微软（Microsoft）公司的一套企业业务协作平台。该平台用于对业务信息进行整合，并能够共享工作、与他人协同工作、组织项目和工作组、搜索人员和信息。 Microsoft SharePoint Server存在欺骗漏洞，攻击者可利用该漏洞进行欺骗攻击。

Severity

中

Patch Name

Microsoft SharePoint Server欺骗漏洞（CNVD-2026-19432）的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32201

Reference

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-32201

Impacted products

Name
['Microsoft SharePoint Enterprise Server 2016', 'Microsoft SharePoint Server 2019', 'Microsoft SharePoint Server Subscription Edition']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2026-32201",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2026-32201"
    }
  },
  "description": "Microsoft SharePoint Server\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u7684\u4e00\u5957\u4f01\u4e1a\u4e1a\u52a1\u534f\u4f5c\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u7528\u4e8e\u5bf9\u4e1a\u52a1\u4fe1\u606f\u8fdb\u884c\u6574\u5408\uff0c\u5e76\u80fd\u591f\u5171\u4eab\u5de5\u4f5c\u3001\u4e0e\u4ed6\u4eba\u534f\u540c\u5de5\u4f5c\u3001\u7ec4\u7ec7\u9879\u76ee\u548c\u5de5\u4f5c\u7ec4\u3001\u641c\u7d22\u4eba\u5458\u548c\u4fe1\u606f\u3002\n\nMicrosoft SharePoint Server\u5b58\u5728\u6b3a\u9a97\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8fdb\u884c\u6b3a\u9a97\u653b\u51fb\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32201",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2026-19432",
  "openTime": "2026-05-08",
  "patchDescription": "Microsoft SharePoint Server\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u7684\u4e00\u5957\u4f01\u4e1a\u4e1a\u52a1\u534f\u4f5c\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u7528\u4e8e\u5bf9\u4e1a\u52a1\u4fe1\u606f\u8fdb\u884c\u6574\u5408\uff0c\u5e76\u80fd\u591f\u5171\u4eab\u5de5\u4f5c\u3001\u4e0e\u4ed6\u4eba\u534f\u540c\u5de5\u4f5c\u3001\u7ec4\u7ec7\u9879\u76ee\u548c\u5de5\u4f5c\u7ec4\u3001\u641c\u7d22\u4eba\u5458\u548c\u4fe1\u606f\u3002\r\n\r\nMicrosoft SharePoint Server\u5b58\u5728\u6b3a\u9a97\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8fdb\u884c\u6b3a\u9a97\u653b\u51fb\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Microsoft SharePoint Server\u6b3a\u9a97\u6f0f\u6d1e\uff08CNVD-2026-19432\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Microsoft SharePoint Enterprise Server 2016",
      "Microsoft SharePoint Server 2019",
      "Microsoft SharePoint Server Subscription Edition"
    ]
  },
  "referenceLink": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-32201",
  "serverity": "\u4e2d",
  "submitTime": "2026-04-21",
  "title": "Microsoft SharePoint Server\u6b3a\u9a97\u6f0f\u6d1e\uff08CNVD-2026-19432\uff09"
}

FKIE_CVE-2026-32201

Vulnerability from fkie_nvd - Published: 2026-04-14 18:17 - Updated: 2026-04-14 19:37

CISA KEV

Severity

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Summary

Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.

References

	URL	Tags
	secure@microsoft.com	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32201	Vendor Advisory
	134c704f-9b21-4f2e-91b3-4a467353bcc0	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-32201	US Government Resource

Impacted products

Vendor	Product	Version
microsoft	sharepoint_server	*
microsoft	sharepoint_server	2016
microsoft	sharepoint_server	2019

JSON

To clipboard

{
  "cisaActionDue": "2026-04-28",
  "cisaExploitAdd": "2026-04-14",
  "cisaRequiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
  "cisaVulnerabilityName": "Microsoft SharePoint Server Improper Input Validation Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*",
              "matchCriteriaId": "5CA92EAC-72F0-43F4-A8E0-FA40C57AEF01",
              "versionEndExcluding": "16.0.19725.20210",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "F815EF1D-7B60-47BE-9AC2-2548F99F10E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*",
              "matchCriteriaId": "6122D014-5BF1-4AF4-8B4D-80205ED7785E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network."
    }
  ],
  "id": "CVE-2026-32201",
  "lastModified": "2026-04-14T19:37:08.297",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.5,
        "source": "secure@microsoft.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2026-04-14T18:17:27.160",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32201"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "US Government Resource"
      ],
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-32201"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Undergoing Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "secure@microsoft.com",
      "type": "Primary"
    }
  ]
}

GHSA-JMJ9-QM9W-HRQJ

Vulnerability from github – Published: 2026-04-14 18:30 – Updated: 2026-04-14 18:30

Details

Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.

Severity

6.5 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2026-32201"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-14T18:17:27Z",
    "severity": "MODERATE"
  },
  "details": "Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.",
  "id": "GHSA-jmj9-qm9w-hrqj",
  "modified": "2026-04-14T18:30:41Z",
  "published": "2026-04-14T18:30:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32201"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32201"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-32201"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

MSRC_CVE-2026-32201

Vulnerability from csaf_microsoft - Published: 2026-04-14 07:00 - Updated: 2026-04-14 07:00

Summary

Microsoft SharePoint Server Spoofing Vulnerability

Severity

Important

Notes

Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle

Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

Customer Action: Required. The vulnerability documented by this CVE requires customer action to resolve.

CVE-2026-32201

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:F/RL:O/RC:C

CWE-20 - Improper Input Validation

Affected products

Fixed 3 products

Product	Identifier	Version	Remediation
Microsoft SharePoint Enterprise Server 2016 16.0.5548.1003 Microsoft SharePoint Enterprise Server 2016		16.0.5548.1003
Microsoft SharePoint Server 2019 16.0.10417.20114 Microsoft SharePoint Server 2019		16.0.10417.20114
Microsoft SharePoint Server Subscription Edition 16.0.19725.20210 Microsoft SharePoint Server Subscription Edition		16.0.19725.20210

Known affected 3 products

Product	Version	Remediation
Microsoft SharePoint Server Subscription Edition <16.0.19725.20210 Microsoft SharePoint Server Subscription Edition	<16.0.19725.20210	Vendor Fix fix
Microsoft SharePoint Server 2019 <16.0.10417.20114 Microsoft SharePoint Server 2019	<16.0.10417.20114	Vendor Fix fix
Microsoft SharePoint Enterprise Server 2016 <16.0.5548.1003 Microsoft SharePoint Enterprise Server 2016	<16.0.5548.1003	Vendor Fix fix

Threats

Impact Spoofing

Exploit Status Publicly Disclosed:No;Exploited:Yes;Latest Software Release:Exploitation Detected

References

7 references

URL	Category
https://msrc.microsoft.com/update-guide/vulnerabi…	self
https://msrc.microsoft.com/csaf/advisories/2026/m…	self
https://www.microsoft.com/en-us/msrc/exploitabili…	external
https://support.microsoft.com/lifecycle	external
https://www.first.org/cvss	external
https://msrc.microsoft.com/update-guide/vulnerabi…	self
https://msrc.microsoft.com/csaf/advisories/2026/m…	self

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.microsoft.com/en-us/msrc/security-update-severity-rating-system",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Public",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
        "title": "Disclaimer"
      },
      {
        "category": "general",
        "text": "Required. The vulnerability documented by this CVE requires customer action to resolve.",
        "title": "Customer Action"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "secure@microsoft.com",
      "name": "Microsoft Security Response Center",
      "namespace": "https://msrc.microsoft.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "CVE-2026-32201 Microsoft SharePoint Server Spoofing Vulnerability - HTML",
        "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32201"
      },
      {
        "category": "self",
        "summary": "CVE-2026-32201 Microsoft SharePoint Server Spoofing Vulnerability - CSAF",
        "url": "https://msrc.microsoft.com/csaf/advisories/2026/msrc_cve-2026-32201.json"
      },
      {
        "category": "external",
        "summary": "Microsoft Exploitability Index",
        "url": "https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1"
      },
      {
        "category": "external",
        "summary": "Microsoft Support Lifecycle",
        "url": "https://support.microsoft.com/lifecycle"
      },
      {
        "category": "external",
        "summary": "Common Vulnerability Scoring System",
        "url": "https://www.first.org/cvss"
      }
    ],
    "title": "Microsoft SharePoint Server Spoofing Vulnerability",
    "tracking": {
      "current_release_date": "2026-04-14T07:00:00.000Z",
      "generator": {
        "date": "2026-04-14T16:56:52.388Z",
        "engine": {
          "name": "MSRC Generator",
          "version": "1.0"
        }
      },
      "id": "msrc_CVE-2026-32201",
      "initial_release_date": "2026-04-14T07:00:00.000Z",
      "revision_history": [
        {
          "date": "2026-04-14T07:00:00.000Z",
          "legacy_version": "1",
          "number": "1",
          "summary": "Information published."
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c16.0.5548.1003",
            "product": {
              "name": "Microsoft SharePoint Enterprise Server 2016 \u003c16.0.5548.1003",
              "product_id": "3"
            }
          },
          {
            "category": "product_version",
            "name": "16.0.5548.1003",
            "product": {
              "name": "Microsoft SharePoint Enterprise Server 2016 16.0.5548.1003",
              "product_id": "10950"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft SharePoint Enterprise Server 2016"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c16.0.10417.20114",
            "product": {
              "name": "Microsoft SharePoint Server 2019 \u003c16.0.10417.20114",
              "product_id": "2"
            }
          },
          {
            "category": "product_version",
            "name": "16.0.10417.20114",
            "product": {
              "name": "Microsoft SharePoint Server 2019 16.0.10417.20114",
              "product_id": "11585"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft SharePoint Server 2019"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c16.0.19725.20210",
            "product": {
              "name": "Microsoft SharePoint Server Subscription Edition \u003c16.0.19725.20210",
              "product_id": "1"
            }
          },
          {
            "category": "product_version",
            "name": "16.0.19725.20210",
            "product": {
              "name": "Microsoft SharePoint Server Subscription Edition 16.0.19725.20210",
              "product_id": "11961"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft SharePoint Server Subscription Edition"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-32201",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "general",
          "text": "Microsoft",
          "title": "Assigning CNA"
        },
        {
          "category": "faq",
          "text": "An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality), make changes to disclosed information (Integrity), but cannot limit access to the resource (Availability).",
          "title": "According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L), and integrity (I:L) but lead to no loss of availability (A:N). What is the impact of this vulnerability?"
        }
      ],
      "product_status": {
        "fixed": [
          "10950",
          "11585",
          "11961"
        ],
        "known_affected": [
          "1",
          "2",
          "3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-32201 Microsoft SharePoint Server Spoofing Vulnerability - HTML",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32201"
        },
        {
          "category": "self",
          "summary": "CVE-2026-32201 Microsoft SharePoint Server Spoofing Vulnerability - CSAF",
          "url": "https://msrc.microsoft.com/csaf/advisories/2026/msrc_cve-2026-32201.json"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-14T07:00:00.000Z",
          "details": "16.0.5548.1003:Security Update:https://support.microsoft.com/help/5002861",
          "product_ids": [
            "3"
          ],
          "url": "https://support.microsoft.com/help/5002861"
        },
        {
          "category": "vendor_fix",
          "date": "2026-04-14T07:00:00.000Z",
          "details": "16.0.10417.20114:Security Update:https://support.microsoft.com/help/5002854",
          "product_ids": [
            "2"
          ],
          "url": "https://support.microsoft.com/help/5002854"
        },
        {
          "category": "vendor_fix",
          "date": "2026-04-14T07:00:00.000Z",
          "details": "16.0.19725.20210:Security Update:https://support.microsoft.com/help/5002853",
          "product_ids": [
            "1"
          ],
          "url": "https://support.microsoft.com/help/5002853"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "environmentalsScore": 0.0,
            "exploitCodeMaturity": "FUNCTIONAL",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 6.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:F/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1",
            "2",
            "3"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Spoofing"
        },
        {
          "category": "exploit_status",
          "details": "Publicly Disclosed:No;Exploited:Yes;Latest Software Release:Exploitation Detected"
        }
      ],
      "title": "Microsoft SharePoint Server Spoofing Vulnerability"
    }
  ]
}

NCSC-2026-0116

Vulnerability from csaf_ncscnl - Published: 2026-04-14 19:20 - Updated: 2026-04-14 19:20

Summary

Kwetsbaarheden verholpen in Microsoft Office

Notes

The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions: NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein. NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory. This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.

Feiten: Microsoft heeft kwetsbaarheden verholpen in diverse Office producten.

Interpretaties: Een kwaadwillende kan de kwetsbaarheden misbruiken om beveiligingsmaatregelen te omzeilen, zoch voor te doen als andere gebruiker en zich zo verhoogde rechten toe te kennen en toegang te krijgen tot gevoelige gegevens. Voor succesvol misbruik moet de kwaadwillende het slachtoffer misleiden en malafide bestand te openen of link te volgen. ``` Microsoft Office PowerPoint: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-32200 | 7,80 | Uitvoeren van willekeurige code | |----------------|------|-------------------------------------| Microsoft Office Word: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-33095 | 7,80 | Uitvoeren van willekeurige code | | CVE-2026-33822 | 6,10 | Toegang tot gevoelige gegevens | | CVE-2026-23657 | 7,80 | Uitvoeren van willekeurige code | | CVE-2026-33114 | 8,40 | Uitvoeren van willekeurige code | | CVE-2026-33115 | 8,40 | Uitvoeren van willekeurige code | |----------------|------|-------------------------------------| Microsoft Office: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-32190 | 8,40 | Uitvoeren van willekeurige code | |----------------|------|-------------------------------------| Microsoft Office SharePoint: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-20945 | 4,60 | Voordoen als andere gebruiker | | CVE-2026-32201 | 6,50 | Voordoen als andere gebruiker | |----------------|------|-------------------------------------| Microsoft Office Excel: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2026-32188 | 7,10 | Toegang tot gevoelige gegevens | | CVE-2026-32189 | 7,80 | Uitvoeren van willekeurige code | | CVE-2026-32197 | 7,80 | Uitvoeren van willekeurige code | | CVE-2026-32198 | 7,80 | Uitvoeren van willekeurige code | | CVE-2026-32199 | 7,80 | Uitvoeren van willekeurige code | |----------------|------|-------------------------------------| ```

Oplossingen: Microsoft heeft updates beschikbaar gesteld waarmee de beschreven kwetsbaarheden worden verholpen. We raden u aan om deze updates te installeren. Meer informatie over de kwetsbaarheden, de installatie van de updates en eventuele work-arounds vindt u op: https://portal.msrc.microsoft.com/en-us/security-guidance

Kans: medium

Schade: high

CWE-20: Improper Input Validation

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-125: Out-of-bounds Read

CWE-416: Use After Free

CWE-822: Untrusted Pointer Dereference

CVE-2026-20945

Microsoft Office SharePoint contains a vulnerability due to improper input neutralization during web page generation, allowing authorized attackers to conduct network spoofing via cross-site scripting.

4.6 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected products

Known affected 28 products

Product	Identifier	Version	Remediation
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise		vers:unknown/*
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 32-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 64-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2021		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2024		vers:unknown/*
vers:unknown/* Microsoft / Microsoft PowerPoint 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft PowerPoint 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft PowerPoint 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Enterprise Server 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server 2019		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server Subscription Edition		vers:unknown/*
vers:unknown/* Microsoft / Office Online Server		vers:unknown/*
vers:unknown/* Microsoft / SharePoint Server		vers:unknown/*

CVE-2026-23657

A use after free vulnerability in Microsoft Office Word allows unauthorized attackers to execute code locally, posing a significant security risk.

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE-416 - Use After Free

Affected products

Known affected 28 products

Product	Identifier	Version	Remediation
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise		vers:unknown/*
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 32-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 64-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2021		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2024		vers:unknown/*
vers:unknown/* Microsoft / Microsoft PowerPoint 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft PowerPoint 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft PowerPoint 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Enterprise Server 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server 2019		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server Subscription Edition		vers:unknown/*
vers:unknown/* Microsoft / Office Online Server		vers:unknown/*
vers:unknown/* Microsoft / SharePoint Server		vers:unknown/*

CVE-2026-32188

An out-of-bounds read vulnerability in Microsoft Office Excel allows unauthorized local information disclosure, potentially exposing sensitive data to attackers.

7.1 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C

CWE-125 - Out-of-bounds Read

Affected products

Known affected 28 products

Product	Identifier	Version	Remediation
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise		vers:unknown/*
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 32-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 64-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2021		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2024		vers:unknown/*
vers:unknown/* Microsoft / Microsoft PowerPoint 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft PowerPoint 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft PowerPoint 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Enterprise Server 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server 2019		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server Subscription Edition		vers:unknown/*
vers:unknown/* Microsoft / Office Online Server		vers:unknown/*
vers:unknown/* Microsoft / SharePoint Server		vers:unknown/*

CVE-2026-32189

A vulnerability in Microsoft Office Excel, termed 'use after free,' allows unauthorized attackers to execute code locally on affected systems.

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE-416 - Use After Free

Affected products

Known affected 28 products

Product	Identifier	Version	Remediation
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise		vers:unknown/*
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 32-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 64-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2021		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2024		vers:unknown/*
vers:unknown/* Microsoft / Microsoft PowerPoint 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft PowerPoint 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft PowerPoint 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Enterprise Server 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server 2019		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server Subscription Edition		vers:unknown/*
vers:unknown/* Microsoft / Office Online Server		vers:unknown/*
vers:unknown/* Microsoft / SharePoint Server		vers:unknown/*

CVE-2026-32190

The document highlights a 'use after free' vulnerability in Microsoft Office that allows unauthorized attackers to execute code locally.

8.4 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE-416 - Use After Free

Affected products

Known affected 28 products

Product	Identifier	Version	Remediation
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise		vers:unknown/*
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 32-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 64-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2021		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2024		vers:unknown/*
vers:unknown/* Microsoft / Microsoft PowerPoint 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft PowerPoint 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft PowerPoint 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Enterprise Server 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server 2019		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server Subscription Edition		vers:unknown/*
vers:unknown/* Microsoft / Office Online Server		vers:unknown/*
vers:unknown/* Microsoft / SharePoint Server		vers:unknown/*

CVE-2026-32197

A vulnerability in Microsoft Office Excel, termed 'use after free,' allows unauthorized attackers to execute code locally on affected systems.

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE-416 - Use After Free

Affected products

Known affected 28 products

Product	Identifier	Version	Remediation
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise		vers:unknown/*
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 32-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 64-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2021		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2024		vers:unknown/*
vers:unknown/* Microsoft / Microsoft PowerPoint 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft PowerPoint 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft PowerPoint 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Enterprise Server 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server 2019		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server Subscription Edition		vers:unknown/*
vers:unknown/* Microsoft / Office Online Server		vers:unknown/*
vers:unknown/* Microsoft / SharePoint Server		vers:unknown/*

CVE-2026-32198

A vulnerability in Microsoft Office Excel, termed 'use after free,' allows unauthorized attackers to execute code locally on affected systems.

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE-416 - Use After Free

Affected products

Known affected 28 products

Product	Identifier	Version	Remediation
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise		vers:unknown/*
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 32-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 64-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2021		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2024		vers:unknown/*
vers:unknown/* Microsoft / Microsoft PowerPoint 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft PowerPoint 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft PowerPoint 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Enterprise Server 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server 2019		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server Subscription Edition		vers:unknown/*
vers:unknown/* Microsoft / Office Online Server		vers:unknown/*
vers:unknown/* Microsoft / SharePoint Server		vers:unknown/*

CVE-2026-32199

A vulnerability in Microsoft Office Excel, termed 'use after free,' allows unauthorized attackers to execute code locally on affected systems.

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE-416 - Use After Free

Affected products

Known affected 28 products

Product	Identifier	Version	Remediation
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise		vers:unknown/*
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 32-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 64-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2021		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2024		vers:unknown/*
vers:unknown/* Microsoft / Microsoft PowerPoint 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft PowerPoint 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft PowerPoint 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Enterprise Server 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server 2019		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server Subscription Edition		vers:unknown/*
vers:unknown/* Microsoft / Office Online Server		vers:unknown/*
vers:unknown/* Microsoft / SharePoint Server		vers:unknown/*

CVE-2026-32200

A use-after-free vulnerability in Microsoft Office PowerPoint allows an attacker to execute unauthorized local code, potentially compromising the affected system.

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE-416 - Use After Free

Affected products

Known affected 28 products

Product	Identifier	Version	Remediation
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise		vers:unknown/*
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 32-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 64-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2021		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2024		vers:unknown/*
vers:unknown/* Microsoft / Microsoft PowerPoint 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft PowerPoint 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft PowerPoint 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Enterprise Server 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server 2019		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server Subscription Edition		vers:unknown/*
vers:unknown/* Microsoft / Office Online Server		vers:unknown/*
vers:unknown/* Microsoft / SharePoint Server		vers:unknown/*

CVE-2026-32201

Microsoft Office SharePoint suffers from an improper input validation vulnerability that enables unauthorized attackers to perform network spoofing.

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:F/RL:O/RC:C

Affected products

Known affected 28 products

Product	Identifier	Version	Remediation
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise		vers:unknown/*
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 32-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 64-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2021		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2024		vers:unknown/*
vers:unknown/* Microsoft / Microsoft PowerPoint 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft PowerPoint 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft PowerPoint 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Enterprise Server 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server 2019		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server Subscription Edition		vers:unknown/*
vers:unknown/* Microsoft / Office Online Server		vers:unknown/*
vers:unknown/* Microsoft / SharePoint Server		vers:unknown/*

CVE-2026-33095

A use after free vulnerability in Microsoft Office Word allows unauthorized attackers to execute code locally, posing a significant security risk.

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE-416 - Use After Free

Affected products

Known affected 28 products

Product	Identifier	Version	Remediation
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise		vers:unknown/*
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 32-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 64-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2021		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2024		vers:unknown/*
vers:unknown/* Microsoft / Microsoft PowerPoint 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft PowerPoint 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft PowerPoint 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Enterprise Server 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server 2019		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server Subscription Edition		vers:unknown/*
vers:unknown/* Microsoft / Office Online Server		vers:unknown/*
vers:unknown/* Microsoft / SharePoint Server		vers:unknown/*

CVE-2026-33114

An untrusted pointer dereference vulnerability in Microsoft Office Word enables unauthorized local code execution by attackers.

8.4 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE-822 - Untrusted Pointer Dereference

Affected products

Known affected 28 products

Product	Identifier	Version	Remediation
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise		vers:unknown/*
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 32-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 64-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2021		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2024		vers:unknown/*
vers:unknown/* Microsoft / Microsoft PowerPoint 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft PowerPoint 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft PowerPoint 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Enterprise Server 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server 2019		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server Subscription Edition		vers:unknown/*
vers:unknown/* Microsoft / Office Online Server		vers:unknown/*
vers:unknown/* Microsoft / SharePoint Server		vers:unknown/*

CVE-2026-33115

A use after free vulnerability in Microsoft Office Word allows unauthorized attackers to execute code locally, posing a significant security risk.

8.4 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE-416 - Use After Free

Affected products

Known affected 28 products

Product	Identifier	Version	Remediation
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise		vers:unknown/*
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 32-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 64-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2021		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2024		vers:unknown/*
vers:unknown/* Microsoft / Microsoft PowerPoint 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft PowerPoint 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft PowerPoint 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Enterprise Server 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server 2019		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server Subscription Edition		vers:unknown/*
vers:unknown/* Microsoft / Office Online Server		vers:unknown/*
vers:unknown/* Microsoft / SharePoint Server		vers:unknown/*

CVE-2026-33822

An out-of-bounds read vulnerability in Microsoft Office Word allows an unauthorized local attacker to disclose sensitive information.

6.1 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C

CWE-125 - Out-of-bounds Read

Affected products

Known affected 28 products

Product	Identifier	Version	Remediation
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise		vers:unknown/*
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 32-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft 365 Apps for Enterprise for 64-bit Systems		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Excel 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office 2019 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2021 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 32-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC 2024 for 64-bit editions		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2021		vers:unknown/*
vers:unknown/* Microsoft / Microsoft Office LTSC for Mac 2024		vers:unknown/*
vers:unknown/* Microsoft / Microsoft PowerPoint 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft PowerPoint 2016 (32-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft PowerPoint 2016 (64-bit edition)		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Enterprise Server 2016		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server 2019		vers:unknown/*
vers:unknown/* Microsoft / Microsoft SharePoint Server Subscription Edition		vers:unknown/*
vers:unknown/* Microsoft / Office Online Server		vers:unknown/*
vers:unknown/* Microsoft / SharePoint Server		vers:unknown/*

References

14 references

URL	Category
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "nl",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n    NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n    NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n    This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
      },
      {
        "category": "description",
        "text": "Microsoft heeft kwetsbaarheden verholpen in diverse Office producten.",
        "title": "Feiten"
      },
      {
        "category": "description",
        "text": "Een kwaadwillende kan de kwetsbaarheden misbruiken om beveiligingsmaatregelen te omzeilen, zoch voor te doen als andere gebruiker en zich zo verhoogde rechten toe te kennen en toegang te krijgen tot gevoelige gegevens.\n\nVoor succesvol misbruik moet de kwaadwillende het slachtoffer misleiden en malafide bestand te openen of link te volgen.\n\n```\nMicrosoft Office PowerPoint: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-32200 | 7,80 | Uitvoeren van willekeurige code     | \n|----------------|------|-------------------------------------|\n\nMicrosoft Office Word: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-33095 | 7,80 | Uitvoeren van willekeurige code     | \n| CVE-2026-33822 | 6,10 | Toegang tot gevoelige gegevens      | \n| CVE-2026-23657 | 7,80 | Uitvoeren van willekeurige code     | \n| CVE-2026-33114 | 8,40 | Uitvoeren van willekeurige code     | \n| CVE-2026-33115 | 8,40 | Uitvoeren van willekeurige code     | \n|----------------|------|-------------------------------------|\n\nMicrosoft Office: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-32190 | 8,40 | Uitvoeren van willekeurige code     | \n|----------------|------|-------------------------------------|\n\nMicrosoft Office SharePoint: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-20945 | 4,60 | Voordoen als andere gebruiker       | \n| CVE-2026-32201 | 6,50 | Voordoen als andere gebruiker       | \n|----------------|------|-------------------------------------|\n\nMicrosoft Office Excel: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-32188 | 7,10 | Toegang tot gevoelige gegevens      | \n| CVE-2026-32189 | 7,80 | Uitvoeren van willekeurige code     | \n| CVE-2026-32197 | 7,80 | Uitvoeren van willekeurige code     | \n| CVE-2026-32198 | 7,80 | Uitvoeren van willekeurige code     | \n| CVE-2026-32199 | 7,80 | Uitvoeren van willekeurige code     | \n|----------------|------|-------------------------------------|\n\n```",
        "title": "Interpretaties"
      },
      {
        "category": "description",
        "text": "Microsoft heeft updates beschikbaar gesteld waarmee de beschreven kwetsbaarheden worden verholpen. We raden u aan om deze updates te installeren. Meer informatie over de kwetsbaarheden, de installatie van de updates en eventuele work-arounds vindt u op:\n\nhttps://portal.msrc.microsoft.com/en-us/security-guidance",
        "title": "Oplossingen"
      },
      {
        "category": "general",
        "text": "medium",
        "title": "Kans"
      },
      {
        "category": "general",
        "text": "high",
        "title": "Schade"
      },
      {
        "category": "general",
        "text": "Improper Input Validation",
        "title": "CWE-20"
      },
      {
        "category": "general",
        "text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
        "title": "CWE-79"
      },
      {
        "category": "general",
        "text": "Out-of-bounds Read",
        "title": "CWE-125"
      },
      {
        "category": "general",
        "text": "Use After Free",
        "title": "CWE-416"
      },
      {
        "category": "general",
        "text": "Untrusted Pointer Dereference",
        "title": "CWE-822"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "cert@ncsc.nl",
      "name": "Nationaal Cyber Security Centrum",
      "namespace": "https://www.ncsc.nl/"
    },
    "title": "Kwetsbaarheden verholpen in Microsoft Office",
    "tracking": {
      "current_release_date": "2026-04-14T19:20:56.343558Z",
      "generator": {
        "date": "2025-08-04T16:30:00Z",
        "engine": {
          "name": "V.A.",
          "version": "1.3"
        }
      },
      "id": "NCSC-2026-0116",
      "initial_release_date": "2026-04-14T19:20:56.343558Z",
      "revision_history": [
        {
          "date": "2026-04-14T19:20:56.343558Z",
          "number": "1.0.0",
          "summary": "Initiele versie"
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-1"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft 365 Apps for Enterprise"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-2"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft 365 Apps for Enterprise for 32-bit Systems"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-3"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft 365 Apps for Enterprise for 64-bit Systems"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-4"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft Excel 2016"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-5"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft Excel 2016 (32-bit edition)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-6"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft Excel 2016 (64-bit edition)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-7"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft Office 2016"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-8"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft Office 2016 (32-bit edition)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-9"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft Office 2016 (64-bit edition)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-10"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft Office 2019"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-11"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft Office 2019 for 32-bit editions"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-12"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft Office 2019 for 64-bit editions"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-13"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft Office LTSC 2021"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-14"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft Office LTSC 2021 for 32-bit editions"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-15"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft Office LTSC 2021 for 64-bit editions"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-16"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft Office LTSC 2024"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-17"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft Office LTSC 2024 for 32-bit editions"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-18"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft Office LTSC 2024 for 64-bit editions"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-19"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft Office LTSC for Mac 2021"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-20"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft Office LTSC for Mac 2024"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-21"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft PowerPoint 2016"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-22"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft PowerPoint 2016 (32-bit edition)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-23"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft PowerPoint 2016 (64-bit edition)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-24"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft SharePoint Enterprise Server 2016"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-25"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft SharePoint Server 2019"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-26"
                }
              }
            ],
            "category": "product_name",
            "name": "Microsoft SharePoint Server Subscription Edition"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-27"
                }
              }
            ],
            "category": "product_name",
            "name": "Office Online Server"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-28"
                }
              }
            ],
            "category": "product_name",
            "name": "SharePoint Server"
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-20945",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
          "title": "CWE-79"
        },
        {
          "category": "description",
          "text": "Microsoft Office SharePoint contains a vulnerability due to improper input neutralization during web page generation, allowing authorized attackers to conduct network spoofing via cross-site scripting.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20945 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20945.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28"
          ]
        }
      ],
      "title": "CVE-2026-20945"
    },
    {
      "cve": "CVE-2026-23657",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "other",
          "text": "Use After Free",
          "title": "CWE-416"
        },
        {
          "category": "description",
          "text": "A use after free vulnerability in Microsoft Office Word allows unauthorized attackers to execute code locally, posing a significant security risk.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-23657 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-23657.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28"
          ]
        }
      ],
      "title": "CVE-2026-23657"
    },
    {
      "cve": "CVE-2026-32188",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "other",
          "text": "Out-of-bounds Read",
          "title": "CWE-125"
        },
        {
          "category": "description",
          "text": "An out-of-bounds read vulnerability in Microsoft Office Excel allows unauthorized local information disclosure, potentially exposing sensitive data to attackers.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-32188 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-32188.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28"
          ]
        }
      ],
      "title": "CVE-2026-32188"
    },
    {
      "cve": "CVE-2026-32189",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "other",
          "text": "Use After Free",
          "title": "CWE-416"
        },
        {
          "category": "description",
          "text": "A vulnerability in Microsoft Office Excel, termed \u0027use after free,\u0027 allows unauthorized attackers to execute code locally on affected systems.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-32189 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-32189.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28"
          ]
        }
      ],
      "title": "CVE-2026-32189"
    },
    {
      "cve": "CVE-2026-32190",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "other",
          "text": "Use After Free",
          "title": "CWE-416"
        },
        {
          "category": "description",
          "text": "The document highlights a \u0027use after free\u0027 vulnerability in Microsoft Office that allows unauthorized attackers to execute code locally.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-32190 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-32190.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28"
          ]
        }
      ],
      "title": "CVE-2026-32190"
    },
    {
      "cve": "CVE-2026-32197",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "other",
          "text": "Use After Free",
          "title": "CWE-416"
        },
        {
          "category": "description",
          "text": "A vulnerability in Microsoft Office Excel, termed \u0027use after free,\u0027 allows unauthorized attackers to execute code locally on affected systems.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-32197 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-32197.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28"
          ]
        }
      ],
      "title": "CVE-2026-32197"
    },
    {
      "cve": "CVE-2026-32198",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "other",
          "text": "Use After Free",
          "title": "CWE-416"
        },
        {
          "category": "description",
          "text": "A vulnerability in Microsoft Office Excel, termed \u0027use after free,\u0027 allows unauthorized attackers to execute code locally on affected systems.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-32198 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-32198.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28"
          ]
        }
      ],
      "title": "CVE-2026-32198"
    },
    {
      "cve": "CVE-2026-32199",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "other",
          "text": "Use After Free",
          "title": "CWE-416"
        },
        {
          "category": "description",
          "text": "A vulnerability in Microsoft Office Excel, termed \u0027use after free,\u0027 allows unauthorized attackers to execute code locally on affected systems.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-32199 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-32199.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28"
          ]
        }
      ],
      "title": "CVE-2026-32199"
    },
    {
      "cve": "CVE-2026-32200",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "other",
          "text": "Use After Free",
          "title": "CWE-416"
        },
        {
          "category": "description",
          "text": "A use-after-free vulnerability in Microsoft Office PowerPoint allows an attacker to execute unauthorized local code, potentially compromising the affected system.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-32200 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-32200.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28"
          ]
        }
      ],
      "title": "CVE-2026-32200"
    },
    {
      "cve": "CVE-2026-32201",
      "notes": [
        {
          "category": "description",
          "text": "Microsoft Office SharePoint suffers from an improper input validation vulnerability that enables unauthorized attackers to perform network spoofing.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-32201 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-32201.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:F/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28"
          ]
        }
      ],
      "title": "CVE-2026-32201"
    },
    {
      "cve": "CVE-2026-33095",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "other",
          "text": "Use After Free",
          "title": "CWE-416"
        },
        {
          "category": "description",
          "text": "A use after free vulnerability in Microsoft Office Word allows unauthorized attackers to execute code locally, posing a significant security risk.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-33095 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-33095.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28"
          ]
        }
      ],
      "title": "CVE-2026-33095"
    },
    {
      "cve": "CVE-2026-33114",
      "cwe": {
        "id": "CWE-822",
        "name": "Untrusted Pointer Dereference"
      },
      "notes": [
        {
          "category": "other",
          "text": "Untrusted Pointer Dereference",
          "title": "CWE-822"
        },
        {
          "category": "description",
          "text": "An untrusted pointer dereference vulnerability in Microsoft Office Word enables unauthorized local code execution by attackers.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-33114 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-33114.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28"
          ]
        }
      ],
      "title": "CVE-2026-33114"
    },
    {
      "cve": "CVE-2026-33115",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "other",
          "text": "Use After Free",
          "title": "CWE-416"
        },
        {
          "category": "description",
          "text": "A use after free vulnerability in Microsoft Office Word allows unauthorized attackers to execute code locally, posing a significant security risk.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-33115 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-33115.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28"
          ]
        }
      ],
      "title": "CVE-2026-33115"
    },
    {
      "cve": "CVE-2026-33822",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "other",
          "text": "Out-of-bounds Read",
          "title": "CWE-125"
        },
        {
          "category": "description",
          "text": "An out-of-bounds read vulnerability in Microsoft Office Word allows an unauthorized local attacker to disclose sensitive information.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-33822 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-33822.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28"
          ]
        }
      ],
      "title": "CVE-2026-33822"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2026-32201 (GCVE-0-2026-32201)

CISA KEV

Known Exploited Vulnerability - GCVE BCP-07 Compliant

Timestamps

Scope

Evidence

Vendor Report Successful Exploitation Confidence: 80% Source: cisa-kev

Details

References

CERTFR-2026-AVI-0445

Solutions

CNVD-2026-19432

FKIE_CVE-2026-32201

GHSA-JMJ9-QM9W-HRQJ

MSRC_CVE-2026-32201

NCSC-2026-0116

Tags

Sightings

Nomenclature