๐ฅ This vulnerability is being actively exploited in the wild (CISA Known Exploited Vulnerabilities catalog)
CVE-2026-56155: Microsoft Active Directory Federation Services Insufficient Granularity of Access Control Vulnerability
Summary
Microsoft Active Directory Federation Services (a system that manages user authentication across networks) contains a vulnerability where an authorized attacker can gain higher-level access than they should have due to insufficient access control checks. This vulnerability is currently being exploited by attackers in real-world attacks.
Solution / Mitigation
Apply mitigations in accordance with vendor instructions from Microsoft, following CISA's BOD 26-04 guidance for prioritizing security updates based on risk. If mitigations are unavailable, discontinue use of the product. Organizations must evaluate their systems' internet exposure and ensure adherence to BOD 26-04 patching guidelines by the due date of 2026-07-28.
Vulnerability Details
EPSS: 0.0%
Yes
๐ฅ Actively Exploited
July 13, 2026
Classification
Taxonomy References
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-56155
First tracked: July 14, 2026 at 08:00 PM
Classified by LLM (prompt v3) ยท confidence: 95%