CVE Tools

CVE-2026-55040

Microsoft SharePoint Server Security Feature Bypass Vulnerability

Published: Jul 14, 2026Updated: Jul 15, 2026 Sources: CVE List NVDCWE-1390

Description

Weak authentication in Microsoft Office SharePoint allows an unauthorized attacker to bypass a security feature over a network.

In plain language

AI Act now

CVE-2026-55040 is a SharePoint Server security bypass that lets an attacker access (and possibly change) protected information over the network without logging in; if you run SharePoint Server 2016/2019/Subscription Edition, you should treat this as urgent and update to the fixed versions.

Executive summary

CVE-2026-55040 is a security feature bypass in Microsoft SharePoint Server (Enterprise 2016, Server 2019, and Subscription Edition) that can be reached over the network without authentication, allowing an attacker to obtain sensitive data and potentially modify information due to weak authentication.

If affected, business impact
Unauthorized access to sensitive filesCustomer or business data exposureContent tampering in SharePointDisruption from incident response

What to do now

  1. Check which Microsoft SharePoint Server product you run (2016, 2019, or Subscription Edition) and confirm the currently installed patch level.
  2. If you are on an affected version, upgrade SharePoint to the fixed versions listed below.
  3. After updating, verify your SharePoint patch level matches the fixed version for your edition and review relevant access/activity logs for unusual requests.
Usually a quick update

CVSS Vector Breakdown

AV:NAC:LPR:NUI:NS:UC:HI:HA:N
Exploitability
AV:NAttack Vector
Network
AC:LAttack Complexity
Low
PR:NPrivileges Required
None
UI:NUser Interaction
None
Scope
S:UScope
Unchanged
Impact
C:HConfidentiality
High
I:HIntegrity
High
A:NAvailability
None

Weaknesses

Affected Products

Exploitability

Official Patch Available

References

11
See all →

Unlock Complete Vulnerability Intelligence

Get the full picture for CVE-2026-55040 and every CVE in our database. Create a free account — no credit card required.

Create Free Account
Plain-language analysis
Impact assessment and exploitation scenario in plain English
Attack graph visualization
Interactive attack path and kill chain mapping
Exploit details & PoC links
ExploitDB, Metasploit, GitHub PoCs with direct links
Nuclei scanner templates
Ready-to-use vulnerability scanner templates
Full remediation guide
Patch instructions, workarounds, and compliance impact
Interactive AI chat
Ask questions about this vulnerability in natural language
Related vulnerabilities
Semantically similar CVEs and attack patterns
REST API & MCP access
Integrate vulnerability data into your workflows