{"uuid": "5a62b1bd-5b90-42b1-a47d-976f5f8bc7c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-56164", "type": "seen", "source": "https://infosec.exchange/users/secdb/statuses/116919868576652720", "content": "\ud83d\udea8 [CISA-2026:0714] CISA Adds 2 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0714)\nCISA has added 2 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.\n\u26a0\ufe0f CVE-2026-56155 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-56155)- Name: Microsoft Active Directory Federation Services Insufficient Granularity of Access Control Vulnerability - Action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA\u2019s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA\u2019s \u201cForensics Triage Requirements\u201d (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset&amp;#39;s internet exposure and ensuring adherence to BOD 26-04 patching guidelines.- Known To Be Used in Ransomware Campaigns? Unknown- Vendor: Microsoft- Product: Active Directory Federation Services- Notes: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-56155 ; BOD 26-04: https://www.cisa.gov/news-events/directives/bod-26-04-prioritizing-security-updates-based-risk ; Forensics Triage Requirements: https://www.cisa.gov/news-events/directives/bod-26-04-implementation-guidance-prioritizing-security-updates-based-risk ; https://nvd.nist.gov/vuln/detail/CVE-2026-56155\n\u26a0\ufe0f CVE-2026-56164 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-56164)- Name: Microsoft SharePoint Server Missing Authentication for Critical Function Vulnerability- Action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA\u2019s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA\u2019s \u201cForensics Triage Requirements\u201d (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset&amp;#39;s internet exposure and ensuring adherence to BOD 26-04 patching guidelines.- Known To Be Used in Ransomware Campaigns? Unknown- Vendor: Microsoft- Product: SharePoint Server- Notes: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-56164 ; BOD 26-04: https://www.cisa.gov/news-events/directives/bod-26-04-prioritizing-security-updates-based-risk ; Forensics Triage Requirements: https://www.cisa.gov/news-events/directives/bod-26-04-implementation-guidance-prioritizing-security-updates-based-risk ; https://nvd.nist.gov/vuln/detail/CVE-2026-56164\n#ZEN #SecDB #InfoSec #CVE #CISA_KEV #cisa_20260714 #cisa20260714 #cve_2026_56155 #cve_2026_56164 #cve202656155 #cve202656164", "creation_timestamp": "2026-07-14T21:09:34.214565Z"}