CVE-2026-56164
MEDIUM KEVMicrosoft SharePoint Server Elevation of Privilege Vulnerability
Title source: cnaExploitation Summary
CVE-2026-56164 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added July 14, 2026.
Description
Missing authentication for critical function in Microsoft Office SharePoint allows an unauthorized attacker to elevate privileges over a network.
References (2)
Core 2
Core References
US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-56164
Vendor Advisory vendor-advisory
patch
Microsoft SharePoint Server Elevation of Privilege Vulnerability
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-56164
Scores
CVSS v3
5.3
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
active
Automatable
yes
Technical Impact
partial
Details
CISA KEV
2026-07-14
VulnCheck KEV
2026-07-14
CWE
CWE-306
Status
published
Products (6)
Microsoft/Microsoft SharePoint Enterprise Server 2016
16.0.0 - 16.0.5561.1001
Microsoft/Microsoft SharePoint Server 2019
16.0.0 - 16.0.10417.20175
Microsoft/Microsoft SharePoint Server Subscription Edition
16.0.0 - 16.0.19725.20434
microsoft/sharepoint_server
2016
microsoft/sharepoint_server
2019
microsoft/sharepoint_server
< 16.0.19725.20434
Published
Jul 14, 2026
KEV Added
Jul 14, 2026
Tracked Since
Jul 14, 2026