Home

Description

Missing authentication for critical function in Microsoft Office SharePoint allows an unauthorized attacker to elevate privileges over a network.

PUBLISHED Reserved 2026-06-19 | Published 2026-07-14 | Updated 2026-07-14 | Assigner microsoft




MEDIUM: 5.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:F/RL:O/RC:C

CISA Known Exploited Vulnerability

Date added 2026-07-14 | Due date 2026-07-17

Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.

Problem types

CWE-306: Missing Authentication for Critical Function

Product status

16.0.0 (custom) before 16.0.5561.1001
affected

16.0.0 (custom) before 16.0.10417.20175
affected

16.0.0 (custom) before 16.0.19725.20434
affected

References

www.cisa.gov/...erabilities-catalog?field_cve=CVE-2026-56164 government-resource

msrc.microsoft.com/update-guide/vulnerability/CVE-2026-56164 (Microsoft SharePoint Server Elevation of Privilege Vulnerability) vendor-advisory patch

cve.org (CVE-2026-56164)

nvd.nist.gov (CVE-2026-56164)

Download JSON