Back to overview

CVE-2026-56164

MEDIUM KEV CISA Exploitation: ACTIVE
5.3
CVSS 3.1

Metadata

CVE ID
CVE-2026-56164
State
PUBLISHED
Assigner
microsoft
Reserved
2026-06-19 13:53 UTC
Published
2026-07-14 17:05 UTC
Last updated
2026-07-15 21:09 UTC
Primary CWE
CWE-306
CWE-306: Missing Authentication for Critical Function
Vendor / Product
Microsoft / Microsoft SharePoint Enterprise Server 2016
Sources
cve.org  ·  NVD

Severity & Metrics

5.3 MEDIUM CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:F/RL:O/RC:C
SSVC — CISA Coordinator
Exploitation
ACTIVE
Automatable
yes
Tech. Impact
partial
CISA Known Exploited Vulnerability
Vulnerability name
Microsoft SharePoint Server Missing Authentication for Critical Function Vulnerability
Vendor
Microsoft
Product
SharePoint Server
Added to KEV
2026-07-14
Due date
2026-07-17
Ransomware
Not known
Required action
Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
CISA description
Microsoft SharePoint contains a missing authentication for critical function vulnerability that allows an unauthorized attacker to elevate privileges over a network.
Affected products (3)
VendorProductPlatformVersions
Microsoft Microsoft SharePoint Enterprise Server 2016 x64-based Systems 16.0.0 < 16.0.5561.1001
Microsoft Microsoft SharePoint Server 2019 x64-based Systems 16.0.0 < 16.0.10417.20175
Microsoft Microsoft SharePoint Server Subscription Edition x64-based Systems 16.0.0 < 16.0.19725.20434
Weakness (CWE)
CWESourceDescription
CWE-306 cna CWE-306: Missing Authentication for Critical Function
CVSS scores (1)
ScoreSeverityVersionSourceVector
5.3 MEDIUM 3.1 cna CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:F/RL:O/RC:C
References (1)
Back to overview