Active Exploitation of Microsoft AD FS Vulnerability CVE-2026-56155 Detected

Active Exploitation of Microsoft AD FS Vulnerability CVE-2026-56155 Detected

First seen 15 Jul 2026, 15:27 UTC CybersecuritynewsDigital.Nhs.Uk 78% similarity 72.9

Article Content

Browse articles
ThreatCluster

Microsoft has confirmed the active exploitation of CVE-2026-56155, an elevation-of-privilege vulnerability in Active Directory Federation Services (AD FS). This flaw allows authenticated local attackers with low privileges to gain administrator-level access. The vulnerability was published on 2026-07-14 and added to the CISA KEV list on the same day. Additionally, CVE-2026-56164 has also been detected as exploited, with a proof-of-concept released on 2026-07-15. Organizations using affected Microsoft products are urged to apply the latest security updates. The vulnerabilities affect systems running AD FS and other Microsoft platforms. Microsoft has released updates addressing a total of 622 vulnerabilities across its products. SharePoint Server 2016 and 2019 are now unsupported as of 2026-07-14, increasing the risk for organizations still using these versions.

Key Points: • CVE-2026-56155 allows local attackers to escalate privileges in AD FS. • Microsoft has released security updates for 622 vulnerabilities, including critical ones. • Organizations using unsupported SharePoint Server versions are at increased risk.

ThreatCluster AI

Timeline

2026-07-14
CVE-2026-56155 published
An elevation-of-privilege vulnerability in AD FS was disclosed, allowing local attackers to gain admin access.
Cybersecuritynews
2026-07-14
CVE-2026-56155 added to CISA KEV
CVE-2026-56155 was recognized for active exploitation and added to the CISA Known Exploited Vulnerabilities list.
Digital.Nhs.Uk
2026-07-14
CVE-2026-56164 published
Another critical vulnerability was disclosed, with exploitation detected shortly after its publication.
Digital.Nhs.Uk
2026-07-15
Proof-of-concept for CVE-2026-56164 released
A public proof-of-concept for CVE-2026-56164 was made available, increasing the risk of exploitation.
Digital.Nhs.Uk

Community

Browse all →