CT
CyberTimes
HomeThreat WatchCVE-2026-32201
Vulnerability Advisory

CVE-2026-32201

Microsoft's April 2026 Patch Tuesday fixes a record 169 vulnerabilities including the actively exploited SharePoint zero-day CVE-2026-32201 added to CISA's KEV catalog, and a critical CVSS 9.8 unauthenticated RCE in Windows IKE (CVE-2026-33824) affecting all VPN-facing systems. Patch immediately.

Severity
critical
CVSS Score
9.8 / 10
Fix Status
Patch available
Exploitation
Actively exploited
Published
Apr 15, 2026

Affected Products

  • Microsoft SharePoint Server (all supported versions) — CVE-2026-32201
  • Windows systems with IKEv2/VPN enabled — CVE-2026-33824 (CVSS 9.8)
  • Microsoft Defender for Endpoint — CVE-2026-33825 (CVSS 7.8)
  • All Windows systems — 169 total vulnerabilities across the full Microsoft product portfolio
  • AMD, Node.js, Windows Secure Boot, Git for Windows — four third-party CVEs also addressed

Key Facts

  • Microsoft's April 2026 Patch Tuesday is the second largest in history — 169 vulnerabilities patched across the entire product portfolio, including one actively exploited zero-day in Microsoft SharePoint Server (CVE-2026-32201) that CISA has added to its Known Exploited Vulnerabilities catalog with a mandatory April 28 remediation deadline for federal agencies.
  • The most dangerous flaw in this update cycle is CVE-2026-33824, a CVSS 9.8 unauthenticated remote code execution vulnerability in the Windows Internet Key Exchange (IKE) Service — targeting VPN and IPsec infrastructure with low attack complexity, no user interaction required, and full system compromise potential.
  • Privilege escalation flaws dominate this month's release at a record 57% of all CVEs — 93 of the 169 vulnerabilities are elevation-of-privilege bugs — signalling that attackers are increasingly focused on gaining higher access once inside a network rather than initial intrusion techniques.
  • A publicly known privilege escalation flaw in Microsoft Defender (CVE-2026-33825, CVSS 7.8) is also included in this release — though Microsoft Defender updates itself automatically, making this lower urgency for systems where Defender is enabled and updating normally.

Full Analysis

Microsoft April 2026 Patch Tuesday: SharePoint Zero-Day CVE-2026-32201 Actively Exploited + CVSS 9.8 Windows IKE RCE Among 169 Fixes

Deep-dive: technical breakdown, real-world impact, complete remediation steps, and expert context.

Read the full report →
← All threat reportsAll articles