CVE Details

CVE-2026-56155 Microsoft Active Directory Federation Services Insufficient Granularity of Access Control Vulnerability
Published: 2026-07-14 CVSS: 7.8 HIGH Product: Microsoft Active Directory Federation Services Due Date: 2026-07-28

Microsoft Active Directory Federation Services contains an insufficient granularity of access control vulnerability that allows an authorized attacker to elevate privileges locally.

GitHub PoC

Warning: GitHub PoC repositories are unverified. Some may be fake or contain malware. Use caution and review code before running anything.

No GitHub PoC data.

FIRST EPSS

EPSS estimates the probability of exploitation in the next 30 days. Higher values indicate higher likelihood of real-world exploitation.

No EPSS data.

Timeline

CVE Stalker KEV MITRE GitHub FIRST (EPSS)

MITRE

CVSS

  • Score: 7.8
  • Severity: HIGH
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C

SSVC

  • Exploitation: active
  • Automatable: no
  • Technical Impact: total

References

Show Raw Data
Key Remaining Key Value
dataType CVE_RECORD
dataVersion 5.2
cveMetadata > cveId CVE-2026-56155
cveMetadata > assignerOrgId f38d906d-7342-40ea-92c1-6c4a2c6478c8
cveMetadata > state PUBLISHED
cveMetadata > assignerShortName microsoft
cveMetadata > dateReserved 2026-06-19T13:53:31.988Z
cveMetadata > datePublished 2026-07-14T17:05:11.702Z
cveMetadata > dateUpdated 2026-07-14T19:58:23.277Z
containers > cna > title Active Directory Federation Services Elevation of Privilege Vulnerability
containers > cna > datePublic 2026-07-14T14:00:00.000Z
containers > cna > cpeApplicability > 0 > nodes > 0 > operator OR
containers > cna > cpeApplicability > 0 > nodes > 0 > negate False
containers > cna > cpeApplicability > 0 > nodes > 0 > cpeMatch > 0 > vulnerable True
containers > cna > cpeApplicability > 0 > nodes > 0 > cpeMatch > 0 > criteria cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*
containers > cna > cpeApplicability > 0 > nodes > 0 > cpeMatch > 0 > versionStartIncluding 10.0.17763.0
containers > cna > cpeApplicability > 0 > nodes > 0 > cpeMatch > 0 > versionEndExcluding 10.0.17763.9020
containers > cna > cpeApplicability > 0 > nodes > 0 > cpeMatch > 1 > vulnerable True
containers > cna > cpeApplicability > 0 > nodes > 0 > cpeMatch > 1 > criteria cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*
containers > cna > cpeApplicability > 0 > nodes > 0 > cpeMatch > 1 > versionStartIncluding 10.0.17763.0
containers > cna > cpeApplicability > 0 > nodes > 0 > cpeMatch > 1 > versionEndExcluding 10.0.17763.9020
containers > cna > cpeApplicability > 0 > nodes > 0 > cpeMatch > 2 > vulnerable True
containers > cna > cpeApplicability > 0 > nodes > 0 > cpeMatch > 2 > criteria cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*
containers > cna > cpeApplicability > 0 > nodes > 0 > cpeMatch > 2 > versionStartIncluding 10.0.17763.0
containers > cna > cpeApplicability > 0 > nodes > 0 > cpeMatch > 2 > versionEndExcluding 10.0.17763.9020
containers > cna > cpeApplicability > 0 > nodes > 0 > cpeMatch > 3 > vulnerable True
containers > cna > cpeApplicability > 0 > nodes > 0 > cpeMatch > 3 > criteria cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*
containers > cna > cpeApplicability > 0 > nodes > 0 > cpeMatch > 3 > versionStartIncluding 10.0.20348.0
containers > cna > cpeApplicability > 0 > nodes > 0 > cpeMatch > 3 > versionEndExcluding 10.0.20348.5386
containers > cna > cpeApplicability > 0 > nodes > 0 > cpeMatch > 4 > vulnerable True
containers > cna > cpeApplicability > 0 > nodes > 0 > cpeMatch > 4 > criteria cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*
containers > cna > cpeApplicability > 0 > nodes > 0 > cpeMatch > 4 > versionStartIncluding 10.0.26100.0
containers > cna > cpeApplicability > 0 > nodes > 0 > cpeMatch > 4 > versionEndExcluding 10.0.26100.33158
containers > cna > cpeApplicability > 0 > nodes > 0 > cpeMatch > 5 > vulnerable True
containers > cna > cpeApplicability > 0 > nodes > 0 > cpeMatch > 5 > criteria cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*
containers > cna > cpeApplicability > 0 > nodes > 0 > cpeMatch > 5 > versionStartIncluding 10.0.26100.0
containers > cna > cpeApplicability > 0 > nodes > 0 > cpeMatch > 5 > versionEndExcluding 10.0.26100.33158
containers > cna > cpeApplicability > 0 > nodes > 0 > cpeMatch > 6 > vulnerable True
containers > cna > cpeApplicability > 0 > nodes > 0 > cpeMatch > 6 > criteria cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*
containers > cna > cpeApplicability > 0 > nodes > 0 > cpeMatch > 6 > versionStartIncluding 10.0.14393.0
containers > cna > cpeApplicability > 0 > nodes > 0 > cpeMatch > 6 > versionEndExcluding 10.0.14393.9339
containers > cna > cpeApplicability > 0 > nodes > 0 > cpeMatch > 7 > vulnerable True
containers > cna > cpeApplicability > 0 > nodes > 0 > cpeMatch > 7 > criteria cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*
containers > cna > cpeApplicability > 0 > nodes > 0 > cpeMatch > 7 > versionStartIncluding 10.0.14393.0
containers > cna > cpeApplicability > 0 > nodes > 0 > cpeMatch > 7 > versionEndExcluding 10.0.14393.9339
containers > cna > cpeApplicability > 0 > nodes > 0 > cpeMatch > 8 > vulnerable True
containers > cna > cpeApplicability > 0 > nodes > 0 > cpeMatch > 8 > criteria cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*
containers > cna > cpeApplicability > 0 > nodes > 0 > cpeMatch > 8 > versionStartIncluding 10.0.14393.0
containers > cna > cpeApplicability > 0 > nodes > 0 > cpeMatch > 8 > versionEndExcluding 10.0.14393.9339
containers > cna > cpeApplicability > 0 > nodes > 0 > cpeMatch > 9 > vulnerable True
containers > cna > cpeApplicability > 0 > nodes > 0 > cpeMatch > 9 > criteria cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*
containers > cna > cpeApplicability > 0 > nodes > 0 > cpeMatch > 9 > versionStartIncluding 6.2.9200.0
containers > cna > cpeApplicability > 0 > nodes > 0 > cpeMatch > 9 > versionEndExcluding 6.2.9200.26226
containers > cna > cpeApplicability > 0 > nodes > 0 > cpeMatch > 10 > vulnerable True
containers > cna > cpeApplicability > 0 > nodes > 0 > cpeMatch > 10 > criteria cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*
containers > cna > cpeApplicability > 0 > nodes > 0 > cpeMatch > 10 > versionStartIncluding 6.2.9200.0
containers > cna > cpeApplicability > 0 > nodes > 0 > cpeMatch > 10 > versionEndExcluding 6.2.9200.26226
containers > cna > cpeApplicability > 0 > nodes > 0 > cpeMatch > 11 > vulnerable True
containers > cna > cpeApplicability > 0 > nodes > 0 > cpeMatch > 11 > criteria cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*
containers > cna > cpeApplicability > 0 > nodes > 0 > cpeMatch > 11 > versionStartIncluding 6.3.9600.0
containers > cna > cpeApplicability > 0 > nodes > 0 > cpeMatch > 11 > versionEndExcluding 6.3.9600.23291
containers > cna > cpeApplicability > 0 > nodes > 0 > cpeMatch > 12 > vulnerable True
containers > cna > cpeApplicability > 0 > nodes > 0 > cpeMatch > 12 > criteria cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*
containers > cna > cpeApplicability > 0 > nodes > 0 > cpeMatch > 12 > versionStartIncluding 6.3.9600.0
containers > cna > cpeApplicability > 0 > nodes > 0 > cpeMatch > 12 > versionEndExcluding 6.3.9600.23291
containers > cna > affected > 0 > vendor Microsoft
containers > cna > affected > 0 > product Windows 10 Version 1607
containers > cna > affected > 0 > platforms > 0 32-bit Systems
containers > cna > affected > 0 > platforms > 1 x64-based Systems
containers > cna > affected > 0 > versions > 0 > version 10.0.14393.0
containers > cna > affected > 0 > versions > 0 > lessThan 10.0.14393.9339
containers > cna > affected > 0 > versions > 0 > versionType custom
containers > cna > affected > 0 > versions > 0 > status affected
containers > cna > affected > 1 > vendor Microsoft
containers > cna > affected > 1 > product Windows 10 Version 1809
containers > cna > affected > 1 > platforms > 0 32-bit Systems
containers > cna > affected > 1 > platforms > 1 x64-based Systems
containers > cna > affected > 1 > versions > 0 > version 10.0.17763.0
containers > cna > affected > 1 > versions > 0 > lessThan 10.0.17763.9020
containers > cna > affected > 1 > versions > 0 > versionType custom
containers > cna > affected > 1 > versions > 0 > status affected
containers > cna > affected > 2 > vendor Microsoft
containers > cna > affected > 2 > product Windows Server 2012
containers > cna > affected > 2 > platforms > 0 x64-based Systems
containers > cna > affected > 2 > versions > 0 > version 6.2.9200.0
containers > cna > affected > 2 > versions > 0 > lessThan 6.2.9200.26226
containers > cna > affected > 2 > versions > 0 > versionType custom
containers > cna > affected > 2 > versions > 0 > status affected
containers > cna > affected > 3 > vendor Microsoft
containers > cna > affected > 3 > product Windows Server 2012 (Server Core installation)
containers > cna > affected > 3 > platforms > 0 x64-based Systems
containers > cna > affected > 3 > versions > 0 > version 6.2.9200.0
containers > cna > affected > 3 > versions > 0 > lessThan 6.2.9200.26226
containers > cna > affected > 3 > versions > 0 > versionType custom
containers > cna > affected > 3 > versions > 0 > status affected
containers > cna > affected > 4 > vendor Microsoft
containers > cna > affected > 4 > product Windows Server 2012 R2
containers > cna > affected > 4 > platforms > 0 x64-based Systems
containers > cna > affected > 4 > versions > 0 > version 6.3.9600.0
containers > cna > affected > 4 > versions > 0 > lessThan 6.3.9600.23291
containers > cna > affected > 4 > versions > 0 > versionType custom
containers > cna > affected > 4 > versions > 0 > status affected
containers > cna > affected > 5 > vendor Microsoft
containers > cna > affected > 5 > product Windows Server 2012 R2 (Server Core installation)
containers > cna > affected > 5 > platforms > 0 x64-based Systems
containers > cna > affected > 5 > versions > 0 > version 6.3.9600.0
containers > cna > affected > 5 > versions > 0 > lessThan 6.3.9600.23291
containers > cna > affected > 5 > versions > 0 > versionType custom
containers > cna > affected > 5 > versions > 0 > status affected
containers > cna > affected > 6 > vendor Microsoft
containers > cna > affected > 6 > product Windows Server 2016
containers > cna > affected > 6 > platforms > 0 x64-based Systems
containers > cna > affected > 6 > versions > 0 > version 10.0.14393.0
containers > cna > affected > 6 > versions > 0 > lessThan 10.0.14393.9339
containers > cna > affected > 6 > versions > 0 > versionType custom
containers > cna > affected > 6 > versions > 0 > status affected
containers > cna > affected > 7 > vendor Microsoft
containers > cna > affected > 7 > product Windows Server 2016 (Server Core installation)
containers > cna > affected > 7 > platforms > 0 x64-based Systems
containers > cna > affected > 7 > versions > 0 > version 10.0.14393.0
containers > cna > affected > 7 > versions > 0 > lessThan 10.0.14393.9339
containers > cna > affected > 7 > versions > 0 > versionType custom
containers > cna > affected > 7 > versions > 0 > status affected
containers > cna > affected > 8 > vendor Microsoft
containers > cna > affected > 8 > product Windows Server 2019
containers > cna > affected > 8 > platforms > 0 x64-based Systems
containers > cna > affected > 8 > versions > 0 > version 10.0.17763.0
containers > cna > affected > 8 > versions > 0 > lessThan 10.0.17763.9020
containers > cna > affected > 8 > versions > 0 > versionType custom
containers > cna > affected > 8 > versions > 0 > status affected
containers > cna > affected > 9 > vendor Microsoft
containers > cna > affected > 9 > product Windows Server 2019 (Server Core installation)
containers > cna > affected > 9 > platforms > 0 x64-based Systems
containers > cna > affected > 9 > versions > 0 > version 10.0.17763.0
containers > cna > affected > 9 > versions > 0 > lessThan 10.0.17763.9020
containers > cna > affected > 9 > versions > 0 > versionType custom
containers > cna > affected > 9 > versions > 0 > status affected
containers > cna > affected > 10 > vendor Microsoft
containers > cna > affected > 10 > product Windows Server 2022
containers > cna > affected > 10 > platforms > 0 x64-based Systems
containers > cna > affected > 10 > versions > 0 > version 10.0.20348.0
containers > cna > affected > 10 > versions > 0 > lessThan 10.0.20348.5386
containers > cna > affected > 10 > versions > 0 > versionType custom
containers > cna > affected > 10 > versions > 0 > status affected
containers > cna > affected > 11 > vendor Microsoft
containers > cna > affected > 11 > product Windows Server 2025
containers > cna > affected > 11 > platforms > 0 x64-based Systems
containers > cna > affected > 11 > versions > 0 > version 10.0.26100.0
containers > cna > affected > 11 > versions > 0 > lessThan 10.0.26100.33158
containers > cna > affected > 11 > versions > 0 > versionType custom
containers > cna > affected > 11 > versions > 0 > status affected
containers > cna > affected > 12 > vendor Microsoft
containers > cna > affected > 12 > product Windows Server 2025 (Server Core installation)
containers > cna > affected > 12 > platforms > 0 x64-based Systems
containers > cna > affected > 12 > versions > 0 > version 10.0.26100.0
containers > cna > affected > 12 > versions > 0 > lessThan 10.0.26100.33158
containers > cna > affected > 12 > versions > 0 > versionType custom
containers > cna > affected > 12 > versions > 0 > status affected
containers > cna > descriptions > 0 > value Insufficient granularity of access control in Active Directory Federation Services (AD FS) allows an authorized attacker to elevate privileges locally.
containers > cna > descriptions > 0 > lang en-US
containers > cna > problemTypes > 0 > descriptions > 0 > description CWE-1220: Insufficient Granularity of Access Control
containers > cna > problemTypes > 0 > descriptions > 0 > lang en-US
containers > cna > problemTypes > 0 > descriptions > 0 > type CWE
containers > cna > problemTypes > 0 > descriptions > 0 > cweId CWE-1220
containers > cna > providerMetadata > orgId f38d906d-7342-40ea-92c1-6c4a2c6478c8
containers > cna > providerMetadata > shortName microsoft
containers > cna > providerMetadata > dateUpdated 2026-07-14T19:37:20.136Z
containers > cna > references > 0 > name Active Directory Federation Services Elevation of Privilege Vulnerability
containers > cna > references > 0 > tags > 0 vendor-advisory
containers > cna > references > 0 > tags > 1 patch
containers > cna > references > 0 > url https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-56155
containers > cna > metrics > 0 > format CVSS
containers > cna > metrics > 0 > scenarios > 0 > lang en-US
containers > cna > metrics > 0 > scenarios > 0 > value GENERAL
containers > cna > metrics > 0 > cvssV3_1 > version 3.1
containers > cna > metrics > 0 > cvssV3_1 > baseSeverity HIGH
containers > cna > metrics > 0 > cvssV3_1 > baseScore 7.8
containers > cna > metrics > 0 > cvssV3_1 > vectorString CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
containers > adp > 0 > metrics > 0 > other > type ssvc
containers > adp > 0 > metrics > 0 > other > content > id CVE-2026-56155
containers > adp > 0 > metrics > 0 > other > content > role CISA Coordinator
containers > adp > 0 > metrics > 0 > other > content > options > 0 > Exploitation active
containers > adp > 0 > metrics > 0 > other > content > options > 1 > Automatable no
containers > adp > 0 > metrics > 0 > other > content > options > 2 > Technical Impact total
containers > adp > 0 > metrics > 0 > other > content > version 2.0.3
containers > adp > 0 > metrics > 0 > other > content > timestamp 2026-07-14T18:45:04.836579Z
containers > adp > 0 > metrics > 1 > other > type kev
containers > adp > 0 > metrics > 1 > other > content > dateAdded 2026-07-14
containers > adp > 0 > metrics > 1 > other > content > reference https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-56155
containers > adp > 0 > references > 0 > url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-56155
containers > adp > 0 > references > 0 > tags > 0 government-resource
containers > adp > 0 > title CISA ADP Vulnrichment
containers > adp > 0 > providerMetadata > orgId 134c704f-9b21-4f2e-91b3-4a467353bcc0
containers > adp > 0 > providerMetadata > shortName CISA-ADP
containers > adp > 0 > providerMetadata > dateUpdated 2026-07-14T19:58:23.277Z
containers > adp > 0 > timeline > 0 > time 2026-07-14T00:00:00.000Z
containers > adp > 0 > timeline > 0 > lang en
containers > adp > 0 > timeline > 0 > value CVE-2026-56155 added to CISA KEV