What is CVE-2026-56164?
Missing authentication for critical function in Microsoft Office SharePoint allows an unauthorized attacker to elevate privileges over a network.
Timeline
- 2026-07-14Published to the U.S. National Vulnerability Database (NVD)
- 2026-07-14Added to the CISA Known Exploited Vulnerabilities (KEV) catalog
- 2026-07-17CISA federal remediation deadline (BOD 22-01)
CISA Known Exploited Vulnerability
Microsoft SharePoint Server Missing Authentication for Critical Function Vulnerability
Affected product
Microsoft SharePoint Server
Remediation Steps
- Apply Microsoft July 2026 Patch Tuesday updates for SharePoint immediately
- Review SharePoint access logs for signs of active exploitation
- Harden SharePoint instances per CISA guidance
- Restrict remote access to SharePoint administration interfaces
References
Referenced in our briefings & reports
- Vulnerability Priority Report – Week 2 of July 2026 (July 13 – 19)
Browse all tracked CVEs in the defend.network CVE database →
🤖 This CVE page is generated by defend.network from NVD, CISA KEV, EPSS, and our verified daily briefings. Severity and exploitation data come from official sources; always verify remediation steps against the official vendor advisory before acting in production.