CVE-2026-56155

HIGH EXPLOITED

Microsoft Windows 10 Version 1607 - Active Directory Federation Services Elevation of Privilege Vulnerability

Title source: rule
STIX 2.1

Exploitation Summary

CVE-2026-56155 has been observed exploited in the wild (reported by VulnCheck KEV).

Description

Insufficient granularity of access control in Active Directory Federation Services (AD FS) allows an authorized attacker to elevate privileges locally.

References (1)

Core 1
Core References
Vendor Advisory vendor-advisory patch
Active Directory Federation Services Elevation of Privilege Vulnerability
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-56155

Scores

CVSS v3 7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C

Details

VulnCheck KEV 2026-07-14
CWE
CWE-1220
Status published
Products (13)
Microsoft/Windows 10 Version 1607 10.0.14393.0 - 10.0.14393.9339
Microsoft/Windows 10 Version 1809 10.0.17763.0 - 10.0.17763.9020
Microsoft/Windows Server 2012 6.2.9200.0 - 6.2.9200.26226
Microsoft/Windows Server 2012 (Server Core installation) 6.2.9200.0 - 6.2.9200.26226
Microsoft/Windows Server 2012 R2 6.3.9600.0 - 6.3.9600.23291
Microsoft/Windows Server 2012 R2 (Server Core installation) 6.3.9600.0 - 6.3.9600.23291
Microsoft/Windows Server 2016 10.0.14393.0 - 10.0.14393.9339
Microsoft/Windows Server 2016 (Server Core installation) 10.0.14393.0 - 10.0.14393.9339
Microsoft/Windows Server 2019 10.0.17763.0 - 10.0.17763.9020
Microsoft/Windows Server 2019 (Server Core installation) 10.0.17763.0 - 10.0.17763.9020
... and 3 more
Published Jul 14, 2026
Tracked Since Jul 14, 2026