Zero Day MonitorZDM
DashboardVulnerabilitiesTrendingZero-DaysNewsAbout
Login
ImpressumPrivacy Policy
Zero Day Monitor © 2026
3936 articles · 175980 vulns · 37/41 feeds (7d)
← Back to list
9.1
CVE-2026-55040EXPLOITEDPATCHED
Microsoft · Microsoft SharePoint Enterprise Server 2016

Weak authentication in Microsoft Office SharePoint allows an unauthorized attacker to bypass a security feature over a network.

Description

Critical authentication bypass in Microsoft SharePoint that can lead to unauthenticated remote code execution when chained with another vulnerability.

Affected Products

VendorProductVersions
MicrosoftMicrosoft SharePoint Enterprise Server 201616.0.0, 16.0.5561.1001

Also Affects

Downstream vendors/products affected by this vulnerability

VendorProductSourceConfidence
microsoftmicrosoft sharepoint server subscription editionmitre_affected90%
microsoftmicrosoft sharepointmitre_affected90%

References

  • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55040(vendor-advisory, patch)

Related News (5 articles)

Tier C
Rapid7 Blog1h ago
Patch Tuesday - July 2026
→ No new info (linked only)
Tier C
VulDB1h ago
CVE-2026-55040 | Microsoft SharePoint Server improper authorization
→ No new info (linked only)
Tier C
Qualys Blog1h ago
Microsoft and Adobe Patch Tuesday, July 2026 Security Update Review 
→ No new info (linked only)
Tier D
The Hacker News2h ago
Microsoft Patches Record 622 Flaws, Including Two Zero-Days Under Active Attack
→ No new info (linked only)
Tier A
Microsoft MSRC9h ago
CVE-2026-55040 Microsoft SharePoint Server Security Feature Bypass Vulnerability
→ No new info (linked only)
CVSS 3.19.1 CRITICAL
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
CISA KEV❌ No
Actively exploited✅ Yes
Patch available
16.0.5561.1001
CWECWE-1390, CWE-284
PublishedJul 14, 2026
Last enriched49m agov4
Trending Score72
Source articles5
Independent5
Info Completeness10/14
Missing: epss, kev, iocs, mitre_attack

Community Vote

0
Login to vote
0 upvotes0 downvotes
No votes yet

Related CVEs (5)

HIGHCVE-2026-56155EXPKEV
Active Directory Federation Services Elevation of Privilege Vulnerability
Trending: 138
MEDIUMCVE-2026-56164EXPKEV
Microsoft SharePoint Server Elevation of Privilege Vulnerability
Trending: 135
HIGHCVE-2026-50656EXP
Microsoft Defender Elevation of Privilege Vulnerability
Trending: 100
HIGHCVE-2026-41091EXPKEV
Microsoft Defender Elevation of Privilege Vulnerability
Trending: 72
CRITICALCVE-2026-57092EXP
Use after free in Windows VMSwitch allows an authorized attacker to elevate privileges over a network.
Trending: 69

Pin to Dashboard

Verification

State: verified
Confidence: 0%

Vulnerability Timeline

CVE Published
Jul 14, 2026
Actively Exploited
Jul 14, 2026
Exploit Available
Jul 14, 2026
Patch Available
Jul 14, 2026
Discovered by ZDM
Jul 14, 2026
Updated: description, exploitAvailable, activelyExploited
Jul 14, 2026
Updated: cweIds
Jul 14, 2026
Updated: description, affectedVersions, patchAvailable
Jul 14, 2026

Version History

v4
Last enriched 49m ago
v4Tier C49m ago

Updated description with new technical details, added affected version, and specified the fixed version number.

descriptionaffectedVersionspatchAvailable
via Rapid7 Blog
v3Tier C1h ago

Updated description with new details, changed product to 'Microsoft SharePoint Server', severity to 'HIGH', and noted no exploit available.

cweIds
via VulDB
v2Tier A5h ago

Updated description with details about weak authentication and marked the vulnerability as actively exploited with an exploit available.

descriptionexploitAvailableactivelyExploited
via Microsoft MSRC
v15h ago

Initial creation