DEV Community

CVE Reports
CVE Reports

Posted on • Originally published at cvereports.com

CVE-2026-56164: CVE-2026-56164: Elevation of Privilege via Missing Authentication in Microsoft SharePoint Server

CVE-2026-56164: Elevation of Privilege via Missing Authentication in Microsoft SharePoint Server

Vulnerability ID: CVE-2026-56164
CVSS Score: 5.3
Published: 2026-07-14

CVE-2026-56164 is a critical vulnerability affecting Microsoft SharePoint Server. It permits unauthenticated, remote attackers to bypass identity verification controls. This flaw is classified under CWE-306: Missing Authentication for Critical Function and allows elevation of privilege up to Farm Administrator level. The vulnerability has been added to CISA's Known Exploited Vulnerabilities catalog due to active exploitation.

TL;DR

Missing authentication in the User Profiles assembly allows unauthenticated network attackers to elevate privileges to Farm Administrator by omitting the security digest and supplying specific routing headers.


⚠️ Exploit Status: ACTIVE

Technical Details

  • CWE ID: CWE-306
  • Attack Vector: Network (AV:N)
  • CVSS Score: 5.3
  • Exploit Status: Active Exploitation
  • KEV Status: Listed

Affected Systems

  • Microsoft SharePoint Enterprise Server 2016
  • Microsoft SharePoint Server 2019
  • Microsoft SharePoint Server Subscription Edition
  • SharePoint Enterprise Server 2016: >= 16.0.0, < 16.0.5561.1001 (Fixed in: 16.0.5561.1001)
  • SharePoint Server 2019: >= 16.0.0, < 16.0.10417.20175 (Fixed in: 16.0.10417.20175)
  • SharePoint Server Subscription Edition: >= 16.0.0, < 16.0.19725.20434 (Fixed in: 16.0.19725.20434)

Exploit Details

  • GitHub: Functional unauthenticated Elevation of Privilege (EoP) exploit concept targeting SharePoint client service endpoint.

Mitigation Strategies

  • Install the official Microsoft July 2026 security updates for SharePoint.
  • Deploy IIS URL Rewrite rules to block requests to client.svc lacking X-RequestDigest headers.
  • Restrict network access to SharePoint administrative and client services endpoints using WAF rules.

Remediation Steps:

  1. Identify all deployed SharePoint Server instances and verify their build numbers.
  2. Download the respective patch package from the Microsoft Security Update Guide for your version of SharePoint.
  3. Apply the patch during a scheduled maintenance window to update assemblies.
  4. Perform a full forensic triage on site collections for unauthorized administrator promotions.

References


Read the full report for CVE-2026-56164 on our website for more details including interactive diagrams and full exploit analysis.

Top comments (0)