CVE Details

CVE-2026-56164 Microsoft SharePoint Server Missing Authentication for Critical Function Vulnerability
Published: 2026-07-14 CVSS: 5.3 MEDIUM Product: Microsoft SharePoint Server Due Date: 2026-07-17

Microsoft SharePoint contains a missing authentication for critical function vulnerability that allows an unauthorized attacker to elevate privileges over a network.

GitHub PoC

Warning: GitHub PoC repositories are unverified. Some may be fake or contain malware. Use caution and review code before running anything.

No GitHub PoC data.

FIRST EPSS

EPSS estimates the probability of exploitation in the next 30 days. Higher values indicate higher likelihood of real-world exploitation.

No EPSS data.

Timeline

CVE Stalker KEV MITRE GitHub FIRST (EPSS)

MITRE

CVSS

  • Score: 5.3
  • Severity: MEDIUM
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:F/RL:O/RC:C

SSVC

  • Exploitation: active
  • Automatable: yes
  • Technical Impact: partial

References

Show Raw Data
Key Remaining Key Value
dataType CVE_RECORD
dataVersion 5.2
cveMetadata > cveId CVE-2026-56164
cveMetadata > assignerOrgId f38d906d-7342-40ea-92c1-6c4a2c6478c8
cveMetadata > state PUBLISHED
cveMetadata > assignerShortName microsoft
cveMetadata > dateReserved 2026-06-19T13:53:31.988Z
cveMetadata > datePublished 2026-07-14T17:05:12.313Z
cveMetadata > dateUpdated 2026-07-14T19:58:23.595Z
containers > cna > title Microsoft SharePoint Server Elevation of Privilege Vulnerability
containers > cna > datePublic 2026-07-14T14:00:00.000Z
containers > cna > cpeApplicability > 0 > nodes > 0 > operator OR
containers > cna > cpeApplicability > 0 > nodes > 0 > negate False
containers > cna > cpeApplicability > 0 > nodes > 0 > cpeMatch > 0 > vulnerable True
containers > cna > cpeApplicability > 0 > nodes > 0 > cpeMatch > 0 > criteria cpe:2.3:a:microsoft:sharepoint_server_2016:*:*:*:*:enterprise:*:*:*
containers > cna > cpeApplicability > 0 > nodes > 0 > cpeMatch > 0 > versionStartIncluding 16.0.0
containers > cna > cpeApplicability > 0 > nodes > 0 > cpeMatch > 0 > versionEndExcluding 16.0.5561.1001
containers > cna > cpeApplicability > 0 > nodes > 0 > cpeMatch > 1 > vulnerable True
containers > cna > cpeApplicability > 0 > nodes > 0 > cpeMatch > 1 > criteria cpe:2.3:a:microsoft:sharepoint_server_2019:*:*:*:*:*:*:*:*
containers > cna > cpeApplicability > 0 > nodes > 0 > cpeMatch > 1 > versionStartIncluding 16.0.0
containers > cna > cpeApplicability > 0 > nodes > 0 > cpeMatch > 1 > versionEndExcluding 16.0.10417.20175
containers > cna > cpeApplicability > 0 > nodes > 0 > cpeMatch > 2 > vulnerable True
containers > cna > cpeApplicability > 0 > nodes > 0 > cpeMatch > 2 > criteria cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*
containers > cna > cpeApplicability > 0 > nodes > 0 > cpeMatch > 2 > versionStartIncluding 16.0.0
containers > cna > cpeApplicability > 0 > nodes > 0 > cpeMatch > 2 > versionEndExcluding 16.0.19725.20434
containers > cna > affected > 0 > vendor Microsoft
containers > cna > affected > 0 > product Microsoft SharePoint Enterprise Server 2016
containers > cna > affected > 0 > platforms > 0 x64-based Systems
containers > cna > affected > 0 > versions > 0 > version 16.0.0
containers > cna > affected > 0 > versions > 0 > lessThan 16.0.5561.1001
containers > cna > affected > 0 > versions > 0 > versionType custom
containers > cna > affected > 0 > versions > 0 > status affected
containers > cna > affected > 1 > vendor Microsoft
containers > cna > affected > 1 > product Microsoft SharePoint Server 2019
containers > cna > affected > 1 > platforms > 0 x64-based Systems
containers > cna > affected > 1 > versions > 0 > version 16.0.0
containers > cna > affected > 1 > versions > 0 > lessThan 16.0.10417.20175
containers > cna > affected > 1 > versions > 0 > versionType custom
containers > cna > affected > 1 > versions > 0 > status affected
containers > cna > affected > 2 > vendor Microsoft
containers > cna > affected > 2 > product Microsoft SharePoint Server Subscription Edition
containers > cna > affected > 2 > platforms > 0 x64-based Systems
containers > cna > affected > 2 > versions > 0 > version 16.0.0
containers > cna > affected > 2 > versions > 0 > lessThan 16.0.19725.20434
containers > cna > affected > 2 > versions > 0 > versionType custom
containers > cna > affected > 2 > versions > 0 > status affected
containers > cna > descriptions > 0 > value Missing authentication for critical function in Microsoft Office SharePoint allows an unauthorized attacker to elevate privileges over a network.
containers > cna > descriptions > 0 > lang en-US
containers > cna > problemTypes > 0 > descriptions > 0 > description CWE-306: Missing Authentication for Critical Function
containers > cna > problemTypes > 0 > descriptions > 0 > lang en-US
containers > cna > problemTypes > 0 > descriptions > 0 > type CWE
containers > cna > problemTypes > 0 > descriptions > 0 > cweId CWE-306
containers > cna > providerMetadata > orgId f38d906d-7342-40ea-92c1-6c4a2c6478c8
containers > cna > providerMetadata > shortName microsoft
containers > cna > providerMetadata > dateUpdated 2026-07-14T19:37:20.775Z
containers > cna > references > 0 > name Microsoft SharePoint Server Elevation of Privilege Vulnerability
containers > cna > references > 0 > tags > 0 vendor-advisory
containers > cna > references > 0 > tags > 1 patch
containers > cna > references > 0 > url https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-56164
containers > cna > metrics > 0 > format CVSS
containers > cna > metrics > 0 > scenarios > 0 > lang en-US
containers > cna > metrics > 0 > scenarios > 0 > value GENERAL
containers > cna > metrics > 0 > cvssV3_1 > version 3.1
containers > cna > metrics > 0 > cvssV3_1 > baseSeverity MEDIUM
containers > cna > metrics > 0 > cvssV3_1 > baseScore 5.3
containers > cna > metrics > 0 > cvssV3_1 > vectorString CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:F/RL:O/RC:C
containers > adp > 0 > metrics > 0 > other > type ssvc
containers > adp > 0 > metrics > 0 > other > content > id CVE-2026-56164
containers > adp > 0 > metrics > 0 > other > content > role CISA Coordinator
containers > adp > 0 > metrics > 0 > other > content > options > 0 > Exploitation active
containers > adp > 0 > metrics > 0 > other > content > options > 1 > Automatable yes
containers > adp > 0 > metrics > 0 > other > content > options > 2 > Technical Impact partial
containers > adp > 0 > metrics > 0 > other > content > version 2.0.3
containers > adp > 0 > metrics > 0 > other > content > timestamp 2026-07-14T18:45:11.388695Z
containers > adp > 0 > metrics > 1 > other > type kev
containers > adp > 0 > metrics > 1 > other > content > dateAdded 2026-07-14
containers > adp > 0 > metrics > 1 > other > content > reference https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-56164
containers > adp > 0 > references > 0 > url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-56164
containers > adp > 0 > references > 0 > tags > 0 government-resource
containers > adp > 0 > title CISA ADP Vulnrichment
containers > adp > 0 > providerMetadata > orgId 134c704f-9b21-4f2e-91b3-4a467353bcc0
containers > adp > 0 > providerMetadata > shortName CISA-ADP
containers > adp > 0 > providerMetadata > dateUpdated 2026-07-14T19:58:23.595Z
containers > adp > 0 > timeline > 0 > time 2026-07-14T00:00:00.000Z
containers > adp > 0 > timeline > 0 > lang en
containers > adp > 0 > timeline > 0 > value CVE-2026-56164 added to CISA KEV