CISA BOD 26-04 SharePoint remediation deadline
Public Sector Action
Summary
Hide ▲
Show ▼
CISA gave federal agencies until July 17 to secure or discontinue SharePoint servers affected by CVE-2026-56164, turning the remediation deadline into a mandatory federal action for exposed systems. The agency had already added CVE-2026-32201, CVE-2026-45659, and CVE-2026-56164 to the Known Exploited Vulnerabilities Catalog on April 14, July 1, and July 14. Agencies that cannot apply mitigations must discontinue the affected servers under BOD 26-04.
Cases
Related Happenings
CISA KEV catalog addition for SonicWall SMA 1000 flaws
Public Sector Action
H score34
First: 15.07.2026 08:30
Last: 15.07.2026 08:30
Sources 1
About this happening:
CISA added **CVE-2026-15409** and **CVE-2026-15410** affecting **SonicWall SMA 1000** appliances to the **KEV catalog**, turning the flaws into a federal remediation priority for...
CISA KEV catalog addition for SonicWall SMA 1000 flaws
Public Sector ActionAbout this happening: CISA added **CVE-2026-15409** and **CVE-2026-15410** affecting **SonicWall SMA 1000** appliances to the **KEV catalog**, turning the flaws into a federal remediation priority for...
SharePoint Server unauthenticated privilege escalation flaw actively exploited (CVE-2026-56164)
Vulnerability
H score82
First: 14.07.2026 23:25
Last: 14.07.2026 23:25
Sources 1
How related:
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned Tuesday that attackers are actively exploiting three vulnerabilities to hack Internet-exposed on-premises SharePoint Server instances.
About this happening:
**CVE-2026-56164** is an **actively exploited** **SharePoint Server** vulnerability that lets an unauthenticated attacker **escalate privileges over the network**. The flaw puts *...
SharePoint Server unauthenticated privilege escalation flaw actively exploited (CVE-2026-56164)
VulnerabilityHow related: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned Tuesday that attackers are actively exploiting three vulnerabilities to hack Internet-exposed on-premises SharePoint Server instances.
About this happening: **CVE-2026-56164** is an **actively exploited** **SharePoint Server** vulnerability that lets an unauthenticated attacker **escalate privileges over the network**. The flaw puts *...
Latest development: 15.07.2026 12:20
Microsoft’s July 14 Patch Tuesday included CVE-2026-56164, an elevation-of-privilege flaw in Microsoft SharePoint Server that required no existing privileges and was described as low complexity. The zero-day was one of two vulnerabilities in the release that had been exploited in the wild, and Microsoft issued updates for affected systems.
Microsoft July 2026 Patch Tuesday security updates (570 flaws, 3 zero-days)
Security Patch Release
H score36
First: 14.07.2026 21:01
Last: 14.07.2026 21:01
Sources 1
About this happening:
Microsoft's **July 2026 Patch Tuesday** released security updates for **570 flaws**, including **three zero-days** and **two vulnerabilities exploited in attacks**, creating immed...
Microsoft July 2026 Patch Tuesday security updates (570 flaws, 3 zero-days)
Security Patch ReleaseAbout this happening: Microsoft's **July 2026 Patch Tuesday** released security updates for **570 flaws**, including **three zero-days** and **two vulnerabilities exploited in attacks**, creating immed...
CISA sets June 28 patch deadline for Cisco Unified Communications Manager Server
Public Sector Action
H score35
First: 26.06.2026 22:43
Last: 26.06.2026 22:43
Sources 1
About this happening:
CISA ordered **federal agencies** to patch **CVE-2026-20230** in **Cisco Unified Communications Manager Server** by **June 28**, tightening exposure around an **actively exploited...
CISA sets June 28 patch deadline for Cisco Unified Communications Manager Server
Public Sector ActionAbout this happening: CISA ordered **federal agencies** to patch **CVE-2026-20230** in **Cisco Unified Communications Manager Server** by **June 28**, tightening exposure around an **actively exploited...
CISA KEV order for FCEB agencies on LiteSpeed cPanel flaw
Public Sector Action
H score36
First: 16.06.2026 13:47
Last: 16.06.2026 13:47
Sources 1
About this happening:
**CISA** added the **LiteSpeed cPanel user-end plugin** flaw to **KEV** and ordered **Federal Civilian Executive Branch agencies** to secure systems within **three days** under **...
CISA KEV order for FCEB agencies on LiteSpeed cPanel flaw
Public Sector ActionAbout this happening: **CISA** added the **LiteSpeed cPanel user-end plugin** flaw to **KEV** and ordered **Federal Civilian Executive Branch agencies** to secure systems within **three days** under **...
Timeline
-
15.07.2026 03:00 1 articles · 11h ago
CISA adds CVE-2026-32201 to the Known Exploited Vulnerabilities Catalog
Legal Policy Action UpdateCISA added CVE-2026-32201 to its Known Exploited Vulnerabilities Catalog after identifying it as an actively exploited SharePoint Server flaw affecting Internet-exposed on-premises systems.
Show sources
- CISA warns admins to patch actively exploited SharePoint flaws — www.bleepingcomputer.com — 15.07.2026 12:44
-
15.07.2026 03:00 1 articles · 11h ago
CISA adds CVE-2026-45659 to the Known Exploited Vulnerabilities Catalog
Legal Policy Action UpdateCISA added CVE-2026-45659 to its Known Exploited Vulnerabilities Catalog after identifying it as an actively exploited SharePoint Server flaw affecting Internet-exposed on-premises systems.
Show sources
- CISA warns admins to patch actively exploited SharePoint flaws — www.bleepingcomputer.com — 15.07.2026 12:44
-
15.07.2026 03:00 1 articles · 11h ago
CISA adds CVE-2026-56164 to the Known Exploited Vulnerabilities Catalog
Legal Policy Action UpdateCISA added CVE-2026-56164 to its Known Exploited Vulnerabilities Catalog after identifying it as an actively exploited SharePoint Server flaw affecting Internet-exposed on-premises systems.
Show sources
- CISA warns admins to patch actively exploited SharePoint flaws — www.bleepingcomputer.com — 15.07.2026 12:44
-
15.07.2026 03:00 2 articles · 11h ago
CISA warns of active exploitation of SharePoint Server vulnerabilities
Initial DisclosureCISA warned that attackers are actively exploiting CVE-2026-32201, CVE-2026-45659, and CVE-2026-56164 against Internet-exposed on-premises SharePoint Server instances, enabling authentication bypass, remote code execution, IIS machine key theft, and persistence on compromised systems.
Show sources
- CISA warns admins to patch actively exploited SharePoint flaws — www.bleepingcomputer.com — 15.07.2026 12:44
- CISA warns admins to patch actively exploited SharePoint flaws — www.bleepingcomputer.com — 15.07.2026 12:44
-
15.07.2026 03:00 1 articles · 11h ago
Federal agencies face July 17 deadline to secure affected SharePoint servers
Legal Policy Action UpdateUnder Binding Operational Directive (BOD) 26-04, federal agencies must secure SharePoint servers affected by CVE-2026-56164 by July 17 or discontinue them if mitigations cannot be applied.
Show sources
- CISA warns admins to patch actively exploited SharePoint flaws — www.bleepingcomputer.com — 15.07.2026 12:44