CVE-2026-56155
HIGH EXPLOITEDMicrosoft Windows 10 Version 1607 - Active Directory Federation Services Elevation of Privilege Vulnerability
Title source: ruleExploitation Summary
CVE-2026-56155 has been observed exploited in the wild (reported by VulnCheck KEV).
Description
Insufficient granularity of access control in Active Directory Federation Services (AD FS) allows an authorized attacker to elevate privileges locally.
References (1)
Core 1
Core References
Vendor Advisory vendor-advisory
patch
Active Directory Federation Services Elevation of Privilege Vulnerability
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-56155
Scores
CVSS v3
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Details
VulnCheck KEV
2026-07-14
CWE
CWE-1220
Status
published
Products (13)
Microsoft/Windows 10 Version 1607
10.0.14393.0 - 10.0.14393.9339
Microsoft/Windows 10 Version 1809
10.0.17763.0 - 10.0.17763.9020
Microsoft/Windows Server 2012
6.2.9200.0 - 6.2.9200.26226
Microsoft/Windows Server 2012 (Server Core installation)
6.2.9200.0 - 6.2.9200.26226
Microsoft/Windows Server 2012 R2
6.3.9600.0 - 6.3.9600.23291
Microsoft/Windows Server 2012 R2 (Server Core installation)
6.3.9600.0 - 6.3.9600.23291
Microsoft/Windows Server 2016
10.0.14393.0 - 10.0.14393.9339
Microsoft/Windows Server 2016 (Server Core installation)
10.0.14393.0 - 10.0.14393.9339
Microsoft/Windows Server 2019
10.0.17763.0 - 10.0.17763.9020
Microsoft/Windows Server 2019 (Server Core installation)
10.0.17763.0 - 10.0.17763.9020
... and 3 more
Published
Jul 14, 2026
Tracked Since
Jul 14, 2026