CVE-2026-56164
Microsoft SharePoint contains a missing authentication for critical function vulnerability that allows an unauthorized attacker to elevate privileges over a network.
View on NVDAnalysis
Microsoft SharePoint presenta una vulnerabilidad de elevación de privilegios que permite a un atacante no autorizado obtener control sobre el sistema a través de la red. Esta falla está siendo explotada activamente en ataques reales, lo que representa un riesgo crítico para la infraestructura de colaboración y gestión documental.
Relevant roles
Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NCWE-306CISA KEV
Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
EPSS
No EPSS score yet (CVE may be too fresh).
Affects
microsoft:sharepoint_serverTechnical description
Missing authentication for critical function in Microsoft Office SharePoint allows an unauthorized attacker to elevate privileges over a network.