Active SharePoint Spoofing and Legacy Office RCE: CISA Alerts on New KEV Exploits
Ddos 
The Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities (KEV) Catalog, sounding a fresh warning about two high-risk security flaws currently being weaponized in the wild.
The most contemporary addition is CVE-2026-32201, an improper input validation vulnerability within Microsoft SharePoint Server. This flaw allows an unauthorized attacker to perform network-level spoofing.
While the vulnerability does not directly limit system availability, the risks to confidentiality and integrity are significant. Attackers who successfully exploit this bypass can view sensitive internal data or even make unauthorized changes to disclosed information.
CISA has also flagged CVE-2009-0238. This is a Remote Code Execution (RCE) vulnerability impacting several legacy versions of Microsoft Office, including Excel 2000 SP3 through Excel 2007 SP1, as well as several Mac-based versions.
The vulnerability allows remote attackers to execute arbitrary code via a specifically crafted Excel document that triggers an access attempt on an invalid object. This specific flaw is a known quantity in the threat landscape, having been exploited in the wild as far back as February 2009 by the Trojan.Mdropper.AC malware. Its continued exploitation nearly two decades later underscores the danger of unpatched or unretired legacy systems.
CISA emphasizes that these types of vulnerabilities are “frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise”.
Under the latest federal directive, Federal Civilian Executive Branch (FCEB) agencies are required to act swiftly to secure their perimeters. All identified flaws must be remediated by April 28, 2026, to ensure the continued security of government networks.
Support Our Threat Intelligence
If you find our CVE report and cybersecurity news helpful, consider supporting our work.
Buy Me a Coffee
PayPal
