CVE-2026-56164
Microsoft SharePoint Server Elevation of Privilege Vulnerability
Description
Missing authentication for critical function in Microsoft Office SharePoint allows an unauthorized attacker to elevate privileges over a network.
In plain language
AI Act nowCVE-2026-56164 is a Microsoft SharePoint Server security flaw where an attacker with network access can take higher privileges without logging in, and it is already being actively exploited—so a typical small business running affected SharePoint should act immediately.
CVE-2026-56164 is an unauthenticated elevation-of-privilege issue (CWE-306) in Microsoft SharePoint Server via a missing authentication check; attackers with network access are bypassing authentication and using it in the wild.
What to do now
- Check whether your business uses Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server 2019, Microsoft SharePoint Server Subscription Edition, or sharepoint server, and identify the exact installed version/build.
- If you are on Microsoft SharePoint Enterprise Server 2016, upgrade to 16.0.5561.1001 or later.
- If you are on Microsoft SharePoint Server 2019, upgrade to 16.0.10417.20175 or later.
- If you are on Microsoft SharePoint Server Subscription Edition or sharepoint server, upgrade to 16.0.19725.20434 or later.
- After upgrading, review for suspicious activity around SharePoint access and admin-related changes, and follow your vendor/IT guidance for incident triage.
CVSS Vector Breakdown
AV:NAttack VectorAC:LAttack ComplexityPR:NPrivileges RequiredUI:NUser InteractionS:UScopeC:NConfidentialityI:LIntegrityA:NAvailabilityWeaknesses
Affected Products
Exploitability
Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
Attack Graph
Click technique nodes for MITRE ATT&CK details · drag to pan · Ctrl/⌘ + scroll to zoom, or go fullscreen.
MITRE ATT&CK
2 techniquesReferences
- В июле Microsoft исправила рекордные 622 уязвимости в своих продуктахru-ru·Хакер (xakep.ru)· Source-only·
- CISA Urges Immediate Patching of Exploited SharePoint Vulnerabilitiesen-us·SecurityWeek· Summary only·
- Цунами уязвимостей: июльский Microsoft Patch Tuesdayru-ru·Kaspersky Daily (RU)· Summary only·
- Researcher Drops New Windows Zero-Day PoC Hours After Microsoft Patch Tuesdayen·The Hacker News·
- AI-driven bug hunting fuels record Microsoft Patch Tuesdayen-us·Help Net Security·
- CISA warns admins to patch actively exploited SharePoint flawsen-us·BleepingComputer·
- Records Are Made to Be Broken: Patch Tuesday Raises Triage Stakesen·Dark Reading·
- Microsoft and Adobe Patch Tuesday, July 2026 Security Update Reviewen-us·Qualys Security Blog·
- Microsoft Patch Tuesday for July 2026 — Snort rules and prominent vulnerabilitiesen·Cisco Talos·
- Microsoft Patches Record 622 Flaws, Including Two Zero-Days Under Active Attacken·The Hacker News·
Unlock Complete Vulnerability Intelligence
Get the full picture for CVE-2026-56164 and every CVE in our database. Create a free account — no credit card required.
Create Free Account