Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Authentication bypass reachable over the network with no credentials or interaction gives AV:N/AC:L/PR:N/UI:N; it exposes and alters protected data (C:H/I:H) but does not affect availability (A:N).
Primary rating from Vendor (microsoft).
CVSS VectorVendor: microsoft
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Lifecycle Timeline
2DescriptionCVE.org
Weak authentication in Microsoft Office SharePoint allows an unauthorized attacker to bypass a security feature over a network.
AnalysisAI
Security feature bypass in Microsoft SharePoint (Enterprise Server 2016, Server 2019, and Server Subscription Edition) lets a network-based, unauthenticated attacker defeat a weak-authentication protection mechanism (CWE-1390) to gain high-impact access to confidentiality and integrity. Rated CVSS 9.1 with no attacker privileges or user interaction required, this is a serious pre-authentication issue in a widely deployed collaboration platform. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Per the CVSS vector (AV:N/AC:L/PR:N/UI:N), no special conditions are required beyond network reachability - remote unauthenticated exploitation against affected on-premises SharePoint servers (Enterprise Server 2016, Server 2019, Subscription Edition) with no user interaction. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The signals are largely consistent and point to genuine priority. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker with only network access to a SharePoint front-end sends crafted requests that exploit the weak authentication logic, bypassing the intended security feature without valid credentials. Because no user interaction or privileges are needed (AV:N/AC:L/PR:N/UI:N), the attacker can then read or modify content the control was meant to protect (C:H/I:H). … |
| Remediation | Patch available per vendor advisory - apply the Microsoft security update for CVE-2026-55040 to all affected SharePoint farms (Enterprise Server 2016, Server 2019, and Subscription Edition) via https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55040, following the standard SharePoint patching sequence of installing the update on every server in the farm and then running the SharePoint Products Configuration Wizard (PSConfig) to complete the upgrade. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours, inventory all SharePoint 2016, Server 2019, and Subscription Edition deployments with priority mapping for internet-facing systems; confirm patch availability from Microsoft advisory. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Privilege elevation in Microsoft SharePoint Server (Enterprise Server 2016, Server 2019, and Subscription Edition) lets
Authenticated remote code execution in Microsoft SharePoint (Enterprise Server 2016, Server 2019, and Subscription Editi
Remote code execution in Microsoft SharePoint (Enterprise Server 2016, Server 2019, and Server Subscription Edition) all
Remote code execution in Microsoft SharePoint Server (2016, 2019, and Subscription Edition) lets an unauthenticated atta
Privilege elevation in Microsoft SharePoint Server (Enterprise Server 2016 and Server 2019) allows an authenticated netw
Privilege escalation in Microsoft SharePoint Server (Enterprise Server 2016, Server 2019, and Subscription Edition) lets
Cross-site scripting (CWE-79) in on-premises Microsoft SharePoint Server allows an authenticated, low-privileged attacke
Spoofing via stored cross-site scripting in Microsoft SharePoint (Enterprise Server 2016, Server 2019, and Subscription
Local code execution in Microsoft Word (and Office/SharePoint components that render Word content) stems from an integer
Arbitrary code execution in Microsoft Office Word (and the broader Office/365/SharePoint family) arises from a stack-bas
Local code execution in Microsoft Word (part of Microsoft 365 Apps, Office 2019, Office LTSC 2021/2024, and Office for M
Local code execution in Microsoft Word (and the wider Microsoft Office / Microsoft 365 Apps family) lets an unauthorized
Same weakness CWE-1390 – Weak Authentication
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-44211
GHSA-grxw-7cvc-96rv