SharePoint privilege escalation exploited (CVE-2026-56164)
CVE-2026-56164
CVE-2026-56164: Critical unauthenticated privilege escalation in Microsoft Office SharePoint (CVSS 9.8) actively exploited. Apply Microsoft's security patch immediately.
Actively exploited in the wild - CVE-2026-56164 is a critical missing authentication flaw in Microsoft Office SharePoint that lets an unauthenticated attacker elevate privileges over the network with no user interaction. Patched in the June 2026 security update - apply immediately.
Overview
CVE-2026-56164 is a critical vulnerability in Microsoft Office SharePoint that stems from missing authentication for a critical function. The flaw carries a CVSS score of 9.8 and requires no privileges, no user interaction, and can be exploited over the network. Because SharePoint is widely deployed for internal collaboration and document management, this vulnerability presents a severe risk to enterprise environments.
Impact
An unauthenticated attacker can exploit this vulnerability to elevate their privileges on the target SharePoint server. Successful exploitation grants the attacker the same permissions as a high-privilege SharePoint user, potentially allowing them to access, modify, or exfiltrate sensitive documents, manage site collections, and pivot to other systems within the network. Given the confirmed active exploitation, organizations should treat this as an immediate threat.
Affected Products
Microsoft Office SharePoint Server. Organizations should consult the vendor advisory for the exact affected versions and patch levels.
Remediation
Microsoft has released a security update for this vulnerability as part of the June 2026 Patch Tuesday. The only complete mitigation is to apply the official patch immediately. There are no known workarounds that fully address the missing authentication flaw.
For organizations that cannot patch immediately, consider:
- Restricting network access to SharePoint servers to only trusted IP ranges
- Enabling enhanced logging and monitoring for anomalous privilege escalation events
- Reviewing user account activity for signs of compromise
Security Insight
This vulnerability represents a dangerous class of flaws in collaboration platforms - missing authentication for privileged operations. Unlike complex memory corruption bugs, this is a logic flaw that requires no specialized exploit development. When combined with the CISA KEV designation, it signals that threat actors are weaponizing these simple, high-impact vulnerabilities faster than ever. Organizations should treat SharePoint as a critical asset and prioritize patching cycles accordingly, especially when CISA adds a vulnerability to its Known Exploited Vulnerabilities catalog.
Related Content
- Weekly Threat Roundup: Orkes Conductor RCE (June 29–July 5)
- SharePoint RCE CVE-2026-45659 added to CISA KEV
- Weekly Threat Roundup: APT28 DNS Hijacking (Apr 6-12
Further Reading
Never miss a critical vulnerability
Get real-time security alerts delivered to your preferred platform.
Related Advisories
Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code over a network....
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network....
Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network....
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Updates Environment Management). Supported versions that are affected are 8.61 and 8.62. Easily exploita...
Other Microsoft Sharepoint Server Vulnerabilities
Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code over a network....
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network....
Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network....