MUST READ

U.S. CISA adds Microsoft SharePoint Server, and Microsoft Office Excel flaws to its Known Exploited Vulnerabilities catalog

 | 

Mirax malware campaign hits 220K accounts, enables full remote control

 | 

PHP Composer flaws enable remote command execution via Perforce VCS

 | 

Microsoft Patch Tuesday for April 2026 fixed actively exploited SharePoint zero-day

 | 

Personal data of 1 million gym members compromised in Basic-Fit security incident

 | 

US, UK and Canada disrupt $45M crypto theft in Operation Atlantic

 | 

ShinyHunters claim the hack of Rockstar Games breach and started leaking data

 | 

Attackers target unpatched ShowDoc servers via CVE-2025-0520

 | 

U.S. CISA adds Adobe, Fortinet, Microsoft Exchange Server, and Microsoft Windows flaws to its Known Exploited Vulnerabilities catalog

 | 

Fake Claude AI installer abuses DLL sideloading to deploy PlugX

 | 

Hackers access Booking.com user data, company secures systems

 | 

iPhone forensics expose Signal messages after app removal in U.S. case

 | 

Citizen Lab: Webloc tracked 500M devices for global law enforcement

 | 

Iran-linked group Handala claims to have breached three major UAE organizations

 | 

CPUID watering hole attack spreads STX RAT malware

 | 

Adobe fixes actively exploited Acrobat Reader flaw CVE-2026-34621

 | 

Hackers claim control over Venice San Marco anti-flood pumps

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 92

 | 

Security Affairs newsletter Round 572 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Censys finds 5,219 devices exposed to attacks by Iranian APTs, majority in U.S.

 | 

U.S. CISA adds Microsoft SharePoint Server, and Microsoft Office Excel flaws to its Known Exploited Vulnerabilities catalog

Pierluigi Paganini April 15, 2026

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft SharePoint Server, and Microsoft Office Excel flaws to its Known Exploited Vulnerabilities catalog.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Apple, Laravel Livewire and Craft CMS flaws to its Known Exploited Vulnerabilities (KEV) catalog.

Below are the flaws added to the catalog:

  • CVE-2009-0238 Microsoft Office Remote Code Execution Vulnerability
  • CVE-2026-32201 Microsoft SharePoint Server Improper Input Validation Vulnerability 

The first vulnerability added, tracked as CVE-2009-0238 (CVSS score of 9.3), affects multiple versions of Microsoft Excel and related viewers. It is triggered when a user opens a specially crafted Excel file that causes the application to access an invalid object in memory. This leads to memory corruption, allowing a remote attacker to execute arbitrary code on the affected system with the privileges of the user.

The vulnerability was actively exploited in the wild in February 2009, notably by the Trojan.Mdropper.AC malware, making it a significant real-world threat at the time.

The second flaw added to the catalog, tracked as CVE-2026-32201, is a critical SharePoint zero-day actively exploited in attacks in the wild, as reported by Microsoft.

CVE-2026-32201 (CVSS score of 6.5) is a spoofing vulnerability in Microsoft SharePoint Server, likely related to cross-site scripting (XSS). While details are limited, it could allow attackers to view or modify exposed information. Microsoft has not disclosed how widespread exploitation is, but given the potential impact, organizations, especially those with internet-facing SharePoint servers—should prioritize testing and applying the patch quickly.

“Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.” reads the advisory. “An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality), make changes to disclosed information (Integrity), but cannot limit access to the resource (Availability).” “Exploitation Detected”

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

Experts also recommend that private organizations review the Catalog and address the vulnerabilities in their infrastructure.

CISA orders federal agencies to fix the vulnerabilities by April 28, 2026.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, CISA)

CISA Hacking hacking news information security news IT Information Security Known Exploited Vulnerabilities Catalog Microsoft Office Excel Microsoft SharePoint Server Pierluigi Paganini Security Affairs Security News

you might also like

Pierluigi Paganini April 15, 2026
PHP Composer flaws enable remote command execution via Perforce VCS
Read more
Pierluigi Paganini April 15, 2026
Microsoft Patch Tuesday for April 2026 fixed actively exploited SharePoint zero-day
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

U.S. CISA adds Microsoft SharePoint Server, and Microsoft Office Excel flaws to its Known Exploited Vulnerabilities catalog

Hacking / April 15, 2026

Mirax malware campaign hits 220K accounts, enables full remote control

Uncategorized / April 15, 2026

PHP Composer flaws enable remote command execution via Perforce VCS

Security / April 15, 2026

Microsoft Patch Tuesday for April 2026 fixed actively exploited SharePoint zero-day

Security / April 15, 2026

Personal data of 1 million gym members compromised in Basic-Fit security incident

Data Breach / April 14, 2026