AI description
CVE-2026-56164 is a missing authentication for critical function vulnerability found in Microsoft SharePoint Server. This flaw allows an unauthorized attacker to elevate privileges over a network. The vulnerability affects all supported on-premises SharePoint Server versions, including Subscription Edition, 2019, and 2016. It has been actively exploited in the wild as a zero-day, enabling cyber threat actors to gain unauthorized access to SharePoint Server instances and potentially engage in post-exploitation activities.
- Description
- Missing authentication for critical function in Microsoft Office SharePoint allows an unauthorized attacker to elevate privileges over a network.
- Source
- secure@microsoft.com
- NVD status
- Undergoing Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 5.3
- Impact score
- 1.4
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
- Severity
- MEDIUM
Data from CISA
- Vulnerability name
- Microsoft SharePoint Server Missing Authentication for Critical Function Vulnerability
- Exploit added on
- Jul 14, 2026
- Exploit action due
- Jul 17, 2026
- Required action
- Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
- secure@microsoft.com
- CWE-306
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
8
🚨 Microsoft Patch Tuesday (July 2026): Microsoft has patched ~570 vulnerabilities, including critical RCE flaws and three publicly disclosed issues: CVE-2026-56164, CVE-2026-56155, and CVE-2026-50661. #CyberSecurity #Microsoft #PatchTuesday #CVE #ThreatWire
@ThreatWire_
14 Jul 2026
47 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Microsoft’s July 2026 Patch Tuesday delivers fixes for approximately 570 vulnerabilities across its product ecosystem, following June’s record-breaking release of 206 flaws that also included three publicly disclosed zero-days. 📌 CVE-2026-56164 📌 CVE-2026-56155 📌 ht
@The_Cyber_News
14 Jul 2026
3901 Impressions
14 Retweets
62 Likes
11 Bookmarks
4 Replies
0 Quotes