SYS::ONLINE
Wasteland.
Briefs1204
Issues19
SinceFeb 2026
LIVE
⚡ Active KEV CVE-2026-56164 2026-07-14

CVE-2026-56164: Unauthenticated Privilege Escalation in Microsoft SharePoint Server

"Microsoft SharePoint Server contains a missing-authentication flaw (CWE-306) that lets an unauthorized attacker elevate privileges over the network, and CISA has confirmed it is being actively exploited."

Microsoft SharePoint Server contains a missing-authentication flaw (CWE-306) that lets an unauthorized attacker elevate privileges over the network, and CISA has confirmed it is being actively exploited.

What Is It

CVE-2026-56164 is a "missing authentication for critical function" vulnerability in Microsoft Office SharePoint. Per the NVD description, it "allows an unauthorized attacker to elevate privileges over a network." The flaw is network-reachable, requires no privileges, and needs no user interaction (attack vector: network; attack complexity: low; PR:None; UI:None).

The record carries two divergent scores. Microsoft's secondary CVSS 3.1 rating is 5.3 (MEDIUM), reflecting low integrity impact only. The NVD primary rating is 9.8 (CRITICAL), reflecting high confidentiality, integrity, and availability impact. CISA's SSVC assessment marks exploitation as "active," automatable as "yes," and technical impact as "partial."

Why It Matters

CISA added CVE-2026-56164 to the Known Exploited Vulnerabilities (KEV) catalog on 2026-07-14, confirming active exploitation in the wild. Because the vulnerability is unauthenticated, network-accessible, and, per SSVC, automatable, it is well suited to opportunistic, at-scale attacks against internet-exposed SharePoint deployments. Known ransomware campaign use is currently listed as "Unknown."

What's Vulnerable

The following on-premises products (x64-based systems) are affected:

Patch Status

CISA's required action: apply mitigations per Microsoft's instructions in line with BOD 26-04 (Prioritizing Security Updates Based on Risk) and CISA's "Forensics Triage Requirements." Follow applicable BOD 26-04 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Stakeholders must evaluate each asset's internet exposure and adhere to BOD 26-04 patching guidelines. The remediation due date is 2026-07-17. Update to at or above the fixed build for your edition (listed above); consult the MSRC advisory for update details.

Sources