CVE-2026-56164: Elevation of Privilege via Missing Authentication in Microsoft SharePoint Server
Vulnerability ID: CVE-2026-56164
CVSS Score: 5.3
Published: 2026-07-14
CVE-2026-56164 is a critical vulnerability affecting Microsoft SharePoint Server. It permits unauthenticated, remote attackers to bypass identity verification controls. This flaw is classified under CWE-306: Missing Authentication for Critical Function and allows elevation of privilege up to Farm Administrator level. The vulnerability has been added to CISA's Known Exploited Vulnerabilities catalog due to active exploitation.
TL;DR
Missing authentication in the User Profiles assembly allows unauthenticated network attackers to elevate privileges to Farm Administrator by omitting the security digest and supplying specific routing headers.
⚠️ Exploit Status: ACTIVE
Technical Details
- CWE ID: CWE-306
- Attack Vector: Network (AV:N)
- CVSS Score: 5.3
- Exploit Status: Active Exploitation
- KEV Status: Listed
Affected Systems
- Microsoft SharePoint Enterprise Server 2016
- Microsoft SharePoint Server 2019
- Microsoft SharePoint Server Subscription Edition
-
SharePoint Enterprise Server 2016: >= 16.0.0, < 16.0.5561.1001 (Fixed in:
16.0.5561.1001) -
SharePoint Server 2019: >= 16.0.0, < 16.0.10417.20175 (Fixed in:
16.0.10417.20175) -
SharePoint Server Subscription Edition: >= 16.0.0, < 16.0.19725.20434 (Fixed in:
16.0.19725.20434)
Exploit Details
- GitHub: Functional unauthenticated Elevation of Privilege (EoP) exploit concept targeting SharePoint client service endpoint.
Mitigation Strategies
- Install the official Microsoft July 2026 security updates for SharePoint.
- Deploy IIS URL Rewrite rules to block requests to client.svc lacking X-RequestDigest headers.
- Restrict network access to SharePoint administrative and client services endpoints using WAF rules.
Remediation Steps:
- Identify all deployed SharePoint Server instances and verify their build numbers.
- Download the respective patch package from the Microsoft Security Update Guide for your version of SharePoint.
- Apply the patch during a scheduled maintenance window to update assemblies.
- Perform a full forensic triage on site collections for unauthorized administrator promotions.
References
- Microsoft Security Update Guide Advisory
- CISA Known Exploited Vulnerabilities Catalog
- NVD Vulnerability Details
- CISA BOD 26-04 Directive
- Wiz Vulnerability Database Reference
- Sentinel AI Defense PoC Repository
Read the full report for CVE-2026-56164 on our website for more details including interactive diagrams and full exploit analysis.
Top comments (0)