CVE-2026-56164

MEDIUM KEV

Microsoft SharePoint Server Elevation of Privilege Vulnerability

Title source: cna
STIX 2.1

Exploitation Summary

CVE-2026-56164 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added July 14, 2026.

Description

Missing authentication for critical function in Microsoft Office SharePoint allows an unauthorized attacker to elevate privileges over a network.

References (2)

Core 2
Core References
Vendor Advisory vendor-advisory patch
Microsoft SharePoint Server Elevation of Privilege Vulnerability
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-56164

Scores

CVSS v3 5.3
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation active
Automatable yes
Technical Impact partial

Details

CISA KEV 2026-07-14
VulnCheck KEV 2026-07-14
CWE
CWE-306
Status published
Products (6)
Microsoft/Microsoft SharePoint Enterprise Server 2016 16.0.0 - 16.0.5561.1001
Microsoft/Microsoft SharePoint Server 2019 16.0.0 - 16.0.10417.20175
Microsoft/Microsoft SharePoint Server Subscription Edition 16.0.0 - 16.0.19725.20434
microsoft/sharepoint_server 2016
microsoft/sharepoint_server 2019
microsoft/sharepoint_server < 16.0.19725.20434
Published Jul 14, 2026
KEV Added Jul 14, 2026
Tracked Since Jul 14, 2026