Severity by source
Sources disagree (Medium–Critical)AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Missing authentication on a network-reachable critical function gives remote unauthenticated access (AV:N/AC:L/PR:N/UI:N) with privileged control yielding high C/I/A; scope unchanged within the farm.
vuln.today treats the vendor’s rating as authoritative. A higher third-party CVSS (e.g. CISA-ADP) is shown for transparency but does not drive the headline severity.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
5DescriptionNVD
Missing authentication for critical function in Microsoft Office SharePoint allows an unauthorized attacker to elevate privileges over a network.
AnalysisAI
Privilege elevation in Microsoft SharePoint Server (Enterprise Server 2016, Server 2019, and Subscription Edition) lets an unauthenticated network attacker reach a security-critical function that lacks any authentication check (CWE-306), gaining elevated privileges on the target farm. The flaw is confirmed actively exploited (CISA KEV) with publicly available exploit code, and its CVSS 3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N) reflects fully remote, unauthenticated exploitation with high confidentiality, integrity, and availability impact. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | No special authentication or user interaction is required - remote unauthenticated exploitation (AV:N/AC:L/PR:N/UI:N) against on-premises Microsoft SharePoint Server, where a critical function is exposed without any authentication check (CWE-306). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | This is a genuine top-priority issue rather than a high-CVSS-but-low-risk theoretical flaw: every available signal aligns. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who can reach an on-prem SharePoint web front-end over the network sends a crafted request directly to the unauthenticated critical function, bypassing login entirely and obtaining elevated privileges on the farm. Because publicly available exploit code exists and no user interaction or credentials are required (AV:N/AC:L/PR:N/UI:N), this can be executed opportunistically at scale against exposed servers and is already being used in the wild per CISA KEV. … |
| Remediation | Apply the vendor security update: Patch available per Microsoft advisory - install the SharePoint security update referenced in the MSRC Security Update Guide (https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-56164) for each affected build (Enterprise Server 2016, Server 2019, and Subscription Edition), following Microsoft's guidance to run the update wizard/PSConfig so the fix is fully applied across the farm. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours, inventory all Microsoft SharePoint Server 2016, 2019, and Subscription Edition installations and assess patch compatibility with your environment; immediately begin testing the MSRC-released patch in non-production systems. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Authenticated remote code execution in Microsoft SharePoint (Enterprise Server 2016, Server 2019, and Subscription Editi
Remote code execution in Microsoft SharePoint (Enterprise Server 2016, Server 2019, and Server Subscription Edition) all
Remote code execution in Microsoft SharePoint Server (2016, 2019, and Subscription Edition) lets an unauthenticated atta
Security feature bypass in Microsoft SharePoint (Enterprise Server 2016, Server 2019, and Server Subscription Edition) l
Privilege elevation in Microsoft SharePoint Server (Enterprise Server 2016 and Server 2019) allows an authenticated netw
Privilege escalation in Microsoft SharePoint Server (Enterprise Server 2016, Server 2019, and Subscription Edition) lets
Cross-site scripting (CWE-79) in on-premises Microsoft SharePoint Server allows an authenticated, low-privileged attacke
Spoofing via stored cross-site scripting in Microsoft SharePoint (Enterprise Server 2016, Server 2019, and Subscription
Local code execution in Microsoft Word (and Office/SharePoint components that render Word content) stems from an integer
Arbitrary code execution in Microsoft Office Word (and the broader Office/365/SharePoint family) arises from a stack-bas
Local code execution in Microsoft Word (part of Microsoft 365 Apps, Office 2019, Office LTSC 2021/2024, and Office for M
Local code execution in Microsoft Word (and the wider Microsoft Office / Microsoft 365 Apps family) lets an unauthorized
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-44043
GHSA-hc2f-r46j-4w6x