{"uuid": "22384a71-0c48-43b9-9286-8291c452581e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-56164", "type": "seen", "source": "https://gist.github.com/alon710/8c9608a120a643db7abcad634f249000", "content": "# CVE-2026-56164: CVE-2026-56164: Elevation of Privilege via Missing Authentication in Microsoft SharePoint Server\n\n&gt; **CVSS Score:** 5.3\n&gt; **Published:** 2026-07-14\n&gt; **Full Report:** https://cvereports.com/reports/CVE-2026-56164\n\n## Summary\nCVE-2026-56164 is a critical vulnerability affecting Microsoft SharePoint Server. It permits unauthenticated, remote attackers to bypass identity verification controls. This flaw is classified under CWE-306: Missing Authentication for Critical Function and allows elevation of privilege up to Farm Administrator level. The vulnerability has been added to CISA's Known Exploited Vulnerabilities catalog due to active exploitation.\n\n## TL;DR\nMissing authentication in the User Profiles assembly allows unauthenticated network attackers to elevate privileges to Farm Administrator by omitting the security digest and supplying specific routing headers.\n\n## Exploit Status: ACTIVE\n\n## Technical Details\n\n- **CWE ID**: CWE-306\n- **Attack Vector**: Network (AV:N)\n- **CVSS Score**: 5.3\n- **Exploit Status**: Active Exploitation\n- **KEV Status**: Listed\n\n## Affected Systems\n\n- Microsoft SharePoint Enterprise Server 2016\n- Microsoft SharePoint Server 2019\n- Microsoft SharePoint Server Subscription Edition\n- **SharePoint Enterprise Server 2016**: &gt;= 16.0.0, &lt; 16.0.5561.1001 (Fixed in: `16.0.5561.1001`)\n- **SharePoint Server 2019**: &gt;= 16.0.0, &lt; 16.0.10417.20175 (Fixed in: `16.0.10417.20175`)\n- **SharePoint Server Subscription Edition**: &gt;= 16.0.0, &lt; 16.0.19725.20434 (Fixed in: `16.0.19725.20434`)\n\n## Mitigation\n\n- Install the official Microsoft July 2026 security updates for SharePoint.\n- Deploy IIS URL Rewrite rules to block requests to client.svc lacking X-RequestDigest headers.\n- Restrict network access to SharePoint administrative and client services endpoints using WAF rules.\n\n**Remediation Steps:**\n1. Identify all deployed SharePoint Server instances and verify their build numbers.\n2. Download the respective patch package from the Microsoft Security Update Guide for your version of SharePoint.\n3. Apply the patch during a scheduled maintenance window to update assemblies.\n4. Perform a full forensic triage on site collections for unauthorized administrator promotions.\n\n## References\n\n- [Microsoft Security Update Guide Advisory](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-56164)\n- [CISA Known Exploited Vulnerabilities Catalog](https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-56164)\n- [NVD Vulnerability Details](https://nvd.nist.gov/vuln/detail/CVE-2026-56164)\n- [CISA BOD 26-04 Directive](https://www.cisa.gov/news-events/directives/bod-26-04-prioritizing-security-updates-based-risk)\n- [Wiz Vulnerability Database Reference](https://www.wiz.io/vulnerability-database/cve/cve-2026-56164)\n- [Sentinel AI Defense PoC Repository](https://github.com/sentinel-aidefense/CVE-2026-56164-EXP)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-56164) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-07-15T10:31:10.547564Z"}