Remote code execution in Microsoft SharePoint Server. April 2026 Patch Tuesday. Exploitable by authenticated users with Site Member permissions.
| CVE ID | CVE-2026-32201 |
| Vendor | Microsoft |
| Affected Product | SharePoint Server |
| Vulnerability Type | RCE |
| CVSS Score | 9.0 (CRITICAL) |
| Actively Exploited | ✅ Yes — CISA KEV Listed |
| Patch Available | KB5012345 |
| Reported By | CYBERDUDEBIVASH SENTINEL APEX Intelligence |
Sigma rules, YARA signatures, IOC table, and SIEM queries for Splunk, Elastic, Sentinel, and Chronicle — deployable in 5 minutes.