Find notable cyber news and cases, enriched with sources, timelines, and signals.

CISA Microsoft SharePoint hardening guidance for exploited zero-days

Advisory/Mitigation
First reported
Last updated
Happening score
H score 46
1 unique sources, 1 articles

Summary

Hide ▲

CISA’s Microsoft SharePoint servers hardening guidance responds to newly disclosed zero-day vulnerabilities that can be exploited remotely, creating immediate risk for supported on-premises deployments. CVE-2026-56164 was added to the KEV catalog, and federal agencies must patch it within three days under BOD 26-04. Microsoft’s July 2026 Patch Tuesday also resolved CVE-2026-55040 and CVE-2026-58644, while CISA urged monitoring, intrusion hunting, and tighter exposure controls.

Cases

Related Happenings

CISA BOD 26-04 SharePoint remediation deadline

Public Sector Action
H score77 First: 15.07.2026 12:44 Last: 15.07.2026 12:44 Sources 1

How related: On Tuesday, CISA added the CVE to its Known Exploited Vulnerabilities (KEV) catalog, urging federal agencies to patch it within three days, in line with BOD 26-04 recommendations.

About this happening: **CISA** gave federal agencies until **July 17** to secure or discontinue **SharePoint servers** affected by **CVE-2026-56164**, turning the remediation deadline into a mandatory...

Microsoft SharePoint Server actively exploited multi-CVE wave

Exploitation Wave
H score78 First: 15.07.2026 12:44 Last: 15.07.2026 12:44 Sources 1

How related: “These vulnerabilities affect all supported on-premises SharePoint Server versions (Subscription Edition, 2019, and 2016) and involve establishing remote code execution (RCE) and post-exploitation activities, such as stealing Internet Information Services (IIS) machine keys and performing deserialization techniques, to gain persistence and deploy malware,” CISA warns.

About this happening: **SharePoint Server** exploitation wave remains active across **internet-exposed on-premises instances**, with **CVE-2026-32201**, **CVE-2026-45659**, and **CVE-2026-56164** used...

SonicWall SMA1000 SSRF and code injection flaws (multiple vulnerabilities)

Vulnerability
H score48 First: 15.07.2026 00:23 Last: 15.07.2026 00:23 Sources 1

About this happening: **SonicWall SMA1000** devices face active exploitation of **CVE-2026-15409** and **CVE-2026-15410**, creating urgent risk for exposed appliances. **CVE-2026-15409** is a **CVSS 10...

SonicWall security patch release for CVE-2026-15409

Security Patch Release
H score54 First: 15.07.2026 00:23 Last: 15.07.2026 00:23 Sources 1

About this happening: SonicWall released **hotfix security updates** for **SMA1000** appliances after confirming active exploitation of **CVE-2026-15409** and **CVE-2026-15410**. The fixes are availabl...

SharePoint Server unauthenticated privilege escalation flaw actively exploited (CVE-2026-56164)

Vulnerability
H score82 First: 14.07.2026 23:25 Last: 14.07.2026 23:25 Sources 1

How related: The freshest of the exploited flaws is CVE-2026-56164, a privilege escalation issue that can be exploited remotely without authentication, and which was resolved with Microsoft’s July 2026 Patch Tuesday updates.

About this happening: **CVE-2026-56164** is an **actively exploited** **SharePoint Server** vulnerability that lets an unauthenticated attacker **escalate privileges over the network**. The flaw puts *...

Latest development: 15.07.2026 12:20

Microsoft’s July 14 Patch Tuesday included CVE-2026-56164, an elevation-of-privilege flaw in Microsoft SharePoint Server that required no existing privileges and was described as low complexity. The zero-day was one of two vulnerabilities in the release that had been exploited in the wild, and Microsoft issued updates for affected systems.

Timeline

  1. 15.07.2026 17:07 2 articles · 2h ago

    CISA urges immediate hardening of Microsoft SharePoint servers

    Mitigation Patch Update

    CISA urged immediate hardening of Microsoft SharePoint servers after disclosure of multiple zero-day vulnerabilities affecting supported on-premises SharePoint Server Subscription Edition, 2019, and 2016. The agency said CVE-2026-56164 was added to the KEV catalog and federal agencies must patch it within three days under BOD 26-04, while Microsoft’s July 2026 Patch Tuesday also resolved CVE-2026-55040 and CVE-2026-58644; CISA advised monitoring for unusual activity, hunting for intrusions, rotating IIS machine keys, enabling tailored logging, avoiding direct internet exposure, and restricting access to administration interfaces.

    Show sources