PT-2026-58260 · Microsoft · Sharepoint Server

Published

2026-07-14

·

Updated

2026-07-15

·

CVE-2026-56164

CVSS v3.1

9.8

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Microsoft SharePoint Server 2016 Microsoft SharePoint Server 2019 Microsoft SharePoint Subscription Edition
Description A missing authentication flaw in a critical function allows an unauthorized attacker to elevate privileges over a network. This issue is being actively exploited in real-world incidents.
Recommendations Apply the security patches for Microsoft SharePoint Server 2016. Apply the security patches for Microsoft SharePoint Server 2019. Apply the security patches for Microsoft SharePoint Subscription Edition.

Fix

LPE

Missing Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-56164

Affected Products

Sharepoint Server