๐ฅ This vulnerability is being actively exploited in the wild (CISA Known Exploited Vulnerabilities catalog)
CVE-2026-56164: Microsoft SharePoint Server Missing Authentication for Critical Function Vulnerability
Summary
Microsoft SharePoint Server has a missing authentication for critical function vulnerability, which means some important features don't properly verify that users are who they claim to be. This allows attackers to gain unauthorized access over a network and take control of accounts that shouldn't be available to them. The vulnerability is currently being exploited by hackers in the wild.
Solution / Mitigation
Apply mitigations in accordance with vendor instructions from Microsoft, following CISA's BOD 26-04 guidance for prioritizing security updates. If mitigations are unavailable, discontinue use of the product. Check Microsoft's security update guide at https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-56164 for the specific patch or update details.
Vulnerability Details
EPSS: 0.0%
Yes
๐ฅ Actively Exploited
July 13, 2026
Classification
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-56164
First tracked: July 14, 2026 at 08:00 PM
Classified by LLM (prompt v3) ยท confidence: 95%