PT-2026-58045 · Microsoft · Sharepoint Server
Published
2026-07-14
·
Updated
2026-07-14
·
CVE-2026-55040
CVSS v3.1
9.1
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Microsoft Office SharePoint (affected versions not specified)
Description
Weak authentication in Microsoft Office SharePoint allows a remote, unauthenticated attacker to bypass security features over a network. The issue stems from weaknesses in the validation of JSON Web Tokens (JWTs), which are compact, URL-safe means of representing claims to be transferred between two parties. An attacker who knows or enumerates a target user's Active Directory Security ID (SID) or User Principal Name (UPN) can leverage this flaw to impersonate users, including administrators. This allows the attacker to perform unauthorized actions, disclose files, and modify data under the identity of the impersonated user.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Sharepoint Server