Digital.Nhs.Uk
Active Exploitation of Microsoft AD FS Vulnerability CVE-2026-56155 Detected
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
Microsoft has confirmed the active exploitation of CVE-2026-56155, an elevation-of-privilege vulnerability in Active Directory Federation Services (AD FS). This flaw allows authenticated local attackers with low privileges to gain administrator-level access. The vulnerability was published on 2026-07-14 and added to the CISA KEV list on the same day. Additionally, CVE-2026-56164 has also been detected as exploited, with a proof-of-concept released on 2026-07-15. Organizations using affected Microsoft products are urged to apply the latest security updates. The vulnerabilities affect systems running AD FS and other Microsoft platforms. Microsoft has released updates addressing a total of 622 vulnerabilities across its products. SharePoint Server 2016 and 2019 are now unsupported as of 2026-07-14, increasing the risk for organizations still using these versions.
Key Points: • CVE-2026-56155 allows local attackers to escalate privileges in AD FS. • Microsoft has released security updates for 622 vulnerabilities, including critical ones. • Organizations using unsupported SharePoint Server versions are at increased risk.