SharePoint Server unauthenticated privilege escalation flaw actively exploited (CVE-2026-56164)
Vulnerability
Summary
Hide ▲
Show ▼
CVE-2026-56164 is an actively exploited SharePoint Server vulnerability that lets an unauthenticated attacker escalate privileges over the network. The flaw puts on-premises SharePoint Server deployments at immediate risk, especially where the service is exposed to remote access. Microsoft has already identified it as a fix-first issue for July 2026.
Related Happenings
Microsoft Copilot remote code execution flaw (CVE-2026-48561)
Vulnerability
H score33
First: 14.07.2026 22:22
Last: 14.07.2026 22:22
Sources 1
About this happening:
A **CVE-2026-48561** remote code execution flaw in **Microsoft Copilot** can let an unauthorized attacker execute code over the network, creating remote takeover risk for affected...
Microsoft Copilot remote code execution flaw (CVE-2026-48561)
VulnerabilityAbout this happening: A **CVE-2026-48561** remote code execution flaw in **Microsoft Copilot** can let an unauthorized attacker execute code over the network, creating remote takeover risk for affected...
CCB urgent patch warning for CVE-2026-41089 on Windows servers
Public Sector Action
H score48
First: 01.06.2026 15:30
Last: 01.06.2026 15:30
Sources 1
About this happening:
Belgium's **CCB** warned that **CVE-2026-41089** is being **actively exploited in the wild**, urging admins to **immediately patch** vulnerable **Windows servers** because the fla...
CCB urgent patch warning for CVE-2026-41089 on Windows servers
Public Sector ActionAbout this happening: Belgium's **CCB** warned that **CVE-2026-41089** is being **actively exploited in the wild**, urging admins to **immediately patch** vulnerable **Windows servers** because the fla...
Warlock ransomware post-exploitation tooling upgrades
Malware Activity
H score38
First: 17.03.2026 17:36
Last: 17.03.2026 17:36
Sources 1
About this happening:
The **Warlock ransomware group** has upgraded its post-exploitation toolset with **BYOVD**, **TightVNC**, and **Yuze**, making intrusions harder to detect and interrupt. In an obs...
Warlock ransomware post-exploitation tooling upgrades
Malware ActivityAbout this happening: The **Warlock ransomware group** has upgraded its post-exploitation toolset with **BYOVD**, **TightVNC**, and **Yuze**, making intrusions harder to detect and interrupt. In an obs...
CISA KEV patch order for Dell RecoverPoint
Public Sector Action
H score36
First: 19.02.2026 17:30
Last: 19.02.2026 17:30
Sources 1
About this happening:
**CISA** added **CVE-2026-22769** to the **KEV catalog** and ordered **Federal Civilian Executive Branch** agencies to secure their networks by **February 21**. The directive unde...
CISA KEV patch order for Dell RecoverPoint
Public Sector ActionAbout this happening: **CISA** added **CVE-2026-22769** to the **KEV catalog** and ordered **Federal Civilian Executive Branch** agencies to secure their networks by **February 21**. The directive unde...
Timeline
-
14.07.2026 23:25 2 articles · 2h ago
CVE-2026-56164 is exploited in on-premises SharePoint Server attacks
Exploitation ObservedMicrosoft says CVE-2026-56164 in on-premises SharePoint Server is being exploited in attacks, letting an unauthenticated attacker escalate privileges over the network; Microsoft credits Mandiant incident responders and Google's FLARE team for the discovery.
Show sources
- Microsoft Patches Record 622 Flaws, Including Two Zero-Days Under Active Attack — thehackernews.com — 14.07.2026 23:25
- Microsoft Patches Record 622 Flaws, Including Two Zero-Days Under Active Attack — thehackernews.com — 14.07.2026 23:25
-
14.07.2026 23:25 1 articles · 2h ago
Microsoft ships the SharePoint Server fix for CVE-2026-56164
Mitigation Patch UpdateMicrosoft's July Patch Tuesday ships the fix for CVE-2026-56164 in on-premises SharePoint Server, and the advisory says enabling AMSI in Full Mode on the server can blunt the attack path if immediate patching is not possible.
Show sources
- Microsoft Patches Record 622 Flaws, Including Two Zero-Days Under Active Attack — thehackernews.com — 14.07.2026 23:25