CVE-2026-32208 is a cross-site scripting (XSS) vulnerability in Microsoft Edge (Chromium-based) that allows an authenticated attacker to perform spoofing attacks over a network. The flaw stems from improper handling of user input during web page generation, meaning malicious content could be injected and rendered in a victim’s browser session. This is particularly relevant in enterprise environments where Edge is widely deployed for accessing cloud portals and internal web applications.

Security Architect’s Take: Ensure Microsoft Edge is updated to the patched version across all managed endpoints, prioritising devices used to access Azure Portal, M365, and other sensitive web applications. Verify your endpoint management tooling (e.g. Intune or WSUS) has deployed the fix, and consider reviewing Content Security Policy configurations on internally hosted web apps to reduce XSS exposure as a defence-in-depth measure.

Original advisory: CVE-2026-32208 Microsoft Edge (Chromium-based) Spoofing Vulnerability

CVE-2026-47646 is a cross-site scripting (XSS) vulnerability in Microsoft Dynamics 365 Customer Voice that allows an unauthenticated attacker to perform spoofing attacks over a network. The flaw stems from improper handling of user-supplied input during web page generation, meaning malicious content could be injected and rendered in a victim’s browser. Because no authentication is required to exploit this, the potential reach is broad for any organisation using Customer Voice externally.

Security Architect’s Take: Review your Dynamics 365 Customer Voice deployments and ensure Microsoft’s patch is applied promptly; additionally, assess whether any customer-facing survey links or embedded forms could be weaponised to deliver spoofed content to end users, and consider adding Content Security Policy (CSP) headers as a compensating control where supported.

Original advisory: CVE-2026-47646 Dynamics 365 Customer Voice Spoofing Vulnerability

CVE-2026-47636 is a spoofing vulnerability affecting Microsoft SharePoint Server, which could allow an attacker to impersonate another user or system within the platform. Spoofing vulnerabilities can undermine trust and authentication controls, potentially enabling further attacks such as phishing, data exfiltration, or lateral movement. This update is an acknowledgement change only and carries no new technical detail or patch.

Security Architect’s Take: Verify that the latest SharePoint Server cumulative updates are applied across your estate, and review audit logs for any anomalous authentication or identity-related activity. No immediate action is required in response to this specific advisory update, but treat the underlying CVE as a prompt to confirm patch compliance.

Original advisory: CVE-2026-47636 Microsoft SharePoint Server Spoofing Vulnerability