Skip to content
Actively exploitedCVSS 5.3 · MEDIUM

CVE-2026-56164

Microsoft SharePoint contains a missing authentication for critical function vulnerability that allows an unauthorized attacker to elevate privileges over a network.

View on NVD

Analysis

Microsoft SharePoint presenta una vulnerabilidad de elevación de privilegios que permite a un atacante no autorizado obtener control sobre el sistema a través de la red. Esta falla está siendo explotada activamente en ataques reales, lo que representa un riesgo crítico para la infraestructura de colaboración y gestión documental.

Relevant roles

CyberSecurityWindowsBackendCloud

Severity

Score: 5.3(MEDIUM)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
AV: NETWORK
AC: LOW
PR: NONE
UI: NONE
S: UNCHANGED
C: NONE
I: LOW
A: NONE
Weakness (CWE): CWE-306

CISA KEV

Added to KEV: 2026-07-14
Federal patch deadline: 2026-07-17
Known ransomware use: Unknown
Required action

Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.

EPSS

No EPSS score yet (CVE may be too fresh).

Affects

microsoft:sharepoint_server

Technical description

Missing authentication for critical function in Microsoft Office SharePoint allows an unauthorized attacker to elevate privileges over a network.

Published: 7/14/2026, 5:17:09 PM
Last modified: 7/14/2026, 9:10:41 PM

References

HomeEventsBlogResourcesTeam