PT-2026-58045 · Microsoft · Sharepoint Server

Published

2026-07-14

·

Updated

2026-07-14

·

CVE-2026-55040

CVSS v3.1

9.1

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions Microsoft Office SharePoint (affected versions not specified)
Description Weak authentication in Microsoft Office SharePoint allows a remote, unauthenticated attacker to bypass security features over a network. The issue stems from weaknesses in the validation of JSON Web Tokens (JWTs), which are compact, URL-safe means of representing claims to be transferred between two parties. An attacker who knows or enumerates a target user's Active Directory Security ID (SID) or User Principal Name (UPN) can leverage this flaw to impersonate users, including administrators. This allows the attacker to perform unauthorized actions, disclose files, and modify data under the identity of the impersonated user.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-55040

Affected Products

Sharepoint Server