AI description
CVE-2026-55040 is an authentication bypass vulnerability affecting Microsoft SharePoint Server. This flaw stems from issues within the JSON Web Token (JWT) validation pipeline, allowing a remote, unauthenticated attacker to bypass the authentication process. By exploiting this vulnerability, an attacker can assume the identity of any SharePoint site user, provided they know the target user's Active Directory Security ID (SID) or User Principal Name (UPN). This authentication bypass can be chained with other vulnerabilities to achieve further compromise, such as unauthenticated remote code execution. The vulnerability was discovered by Rapid7 Labs during a zero-day research project.
- Description
- Weak authentication in Microsoft Office SharePoint allows an unauthorized attacker to bypass a security feature over a network.
- Source
- secure@microsoft.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 9.1
- Impact score
- 5.2
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
- Severity
- CRITICAL
- secure@microsoft.com
- CWE-1390
- Hype score
- Not currently trending
🔴 Bir güvenlik araştırmacısı CVE-2026-55040 (Authentication Bypass) açığını Flow2Shell (CVE-2026-47298) ile zincirlediğini açıkladı. CVE-2026-55040 -> Authentication Bypass https://t.co/HmhakwGTRX CVE-2026-47298 -> Flow2Shell https://t.co/MbtGPD6ItC
@ridvanyagli
14 Jul 2026
45 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
This is the auth by pass which I chain with Flow2Shell CVE-2026-47298 https://t.co/584HTHOvoD CVE-2026-55040 https://t.co/euecjaRUSK Look it dup with @stephenfewer and @_l0gg
@rm_rf_chumy
14 Jul 2026
1898 Impressions
1 Retweet
27 Likes
10 Bookmarks
0 Replies
0 Quotes