Zero Day MonitorZDM
DashboardVulnerabilitiesTrendingZero-DaysNewsAbout
Login
ImpressumPrivacy Policy
Zero Day Monitor © 2026
3838 articles · 175945 vulns · 37/41 feeds (7d)
← Back to list
7.8
CVE-2026-56155KEVEXPLOITEDPATCHED
microsoft · windows 10 version

Active Directory Federation Services Elevation of Privilege Vulnerability

Description

Insufficient granularity of access control in Active Directory Federation Services (AD FS) allows an authorized attacker to elevate privileges locally.

Affected Products

VendorProductVersions
microsoftwindows 10 version10.0.14393.0, 10.0.17763.0, 6.2.9200.0, 6.2.9200.0, 6.3.9600.0, 6.3.9600.0, 10.0.14393.0, 10.0.14393.0, 10.0.17763.0, 10.0.17763.0, 10.0.20348.0, 10.0.26100.0, 10.0.26100.0

References

  • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-56155(vendor-advisory, patch)

Related News (5 articles)

Tier C
Qualys Blog51m ago
Microsoft and Adobe Patch Tuesday, July 2026 Security Update Review 
→ No new info (linked only)
Tier C
Cisco Talos1h ago
Microsoft Patch Tuesday for July 2026 — Snort rules and prominent vulnerabilities
→ No new info (linked only)
Tier D
The Hacker News1h ago
Microsoft Patches Record 622 Flaws, Including Two Zero-Days Under Active Attack
→ No new info (linked only)
Tier C
VulDB2h ago
CVE-2026-56155 | Microsoft Windows up to 2025 Active Directory Federation Services access control
→ No new info (linked only)
Tier D
SecurityWeek3h ago
Microsoft Patches Record 622 Vulnerabilities, Including Two Exploited Zero-Days
→ No new info (linked only)
CVSS 3.17.8 HIGH
VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
CISA KEV✅ Yes
Actively exploited✅ Yes
Patch available
10.0.14393.933910.0.17763.90206.2.9200.262266.3.9600.2329110.0.20348.538610.0.26100.33158
CWECWE-1220
PublishedJul 14, 2026
Last enriched1h agov3
Tags
elevation of privilege
Trending Score140🔥
Source articles5
Independent5
Info Completeness11/14
Missing: epss, iocs, mitre_attack

Community Vote

0
Login to vote
0 upvotes0 downvotes
No votes yet

Related CVEs (5)

MEDIUMCVE-2026-56164EXPKEV
Microsoft SharePoint Server Elevation of Privilege Vulnerability
Trending: 137
HIGHCVE-2026-41091EXPKEV
Microsoft Defender Elevation of Privilege Vulnerability
Trending: 73
CRITICALCVE-2026-48561EXP
Microsoft Copilot Remote Code Execution Vulnerability
Trending: 69
CRITICALCVE-2026-55040EXP
Weak authentication in Microsoft Office SharePoint allows an unauthorized attacker to bypass a security feature over a network.
Trending: 69
HIGHCVE-2026-50424EXP
Windows Domain Controller Denial of Service Vulnerability
Trending: 68

Pin to Dashboard

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

CVE Published
Jul 14, 2026
Added to CISA KEV
Jul 14, 2026
Discovered by ZDM
Jul 14, 2026
Updated: description, cweIds, exploitAvailable
Jul 14, 2026
Updated: description, severity, tags
Jul 14, 2026
Actively Exploited
Jul 14, 2026
Exploit Available
Jul 14, 2026
Patch Available
Jul 14, 2026

Version History

v3
Last enriched 1h ago
v3Tier C1h ago

Updated description with new technical details, changed severity to CRITICAL, added new CWE, and included new tags.

descriptionseveritytags
via Cisco Talos
v2Tier D3h ago

Updated description with specific details about the AD FS vulnerability and added CWE-561, indicating that the exploit is now available.

descriptioncweIdsexploitAvailable
via SecurityWeek
v14h ago

Initial creation