Find notable cyber news and cases, enriched with sources, timelines, and signals.

SharePoint Server unauthenticated privilege escalation flaw actively exploited (CVE-2026-56164)

Vulnerability
First reported
Last updated
Happening score
H score 46
1 unique sources, 1 articles

Summary

Hide ▲

CVE-2026-56164 is an actively exploited SharePoint Server vulnerability that lets an unauthenticated attacker escalate privileges over the network. The flaw puts on-premises SharePoint Server deployments at immediate risk, especially where the service is exposed to remote access. Microsoft has already identified it as a fix-first issue for July 2026.

Related Happenings

Microsoft Copilot remote code execution flaw (CVE-2026-48561)

Vulnerability
H score33 First: 14.07.2026 22:22 Last: 14.07.2026 22:22 Sources 1

About this happening: A **CVE-2026-48561** remote code execution flaw in **Microsoft Copilot** can let an unauthorized attacker execute code over the network, creating remote takeover risk for affected...

CCB urgent patch warning for CVE-2026-41089 on Windows servers

Public Sector Action
H score48 First: 01.06.2026 15:30 Last: 01.06.2026 15:30 Sources 1

About this happening: Belgium's **CCB** warned that **CVE-2026-41089** is being **actively exploited in the wild**, urging admins to **immediately patch** vulnerable **Windows servers** because the fla...

Warlock ransomware post-exploitation tooling upgrades

Malware Activity
H score38 First: 17.03.2026 17:36 Last: 17.03.2026 17:36 Sources 1

About this happening: The **Warlock ransomware group** has upgraded its post-exploitation toolset with **BYOVD**, **TightVNC**, and **Yuze**, making intrusions harder to detect and interrupt. In an obs...

CISA KEV patch order for Dell RecoverPoint

Public Sector Action
H score36 First: 19.02.2026 17:30 Last: 19.02.2026 17:30 Sources 1

About this happening: **CISA** added **CVE-2026-22769** to the **KEV catalog** and ordered **Federal Civilian Executive Branch** agencies to secure their networks by **February 21**. The directive unde...

Timeline

  1. 14.07.2026 23:25 2 articles · 2h ago

    CVE-2026-56164 is exploited in on-premises SharePoint Server attacks

    Exploitation Observed

    Microsoft says CVE-2026-56164 in on-premises SharePoint Server is being exploited in attacks, letting an unauthenticated attacker escalate privileges over the network; Microsoft credits Mandiant incident responders and Google's FLARE team for the discovery.

    Show sources
  2. 14.07.2026 23:25 1 articles · 2h ago

    Microsoft ships the SharePoint Server fix for CVE-2026-56164

    Mitigation Patch Update

    Microsoft's July Patch Tuesday ships the fix for CVE-2026-56164 in on-premises SharePoint Server, and the advisory says enabling AMSI in Full Mode on the server can blunt the attack path if immediate patching is not possible.

    Show sources