Zero Day MonitorZDM
DashboardVulnerabilitiesTrendingZero-DaysNewsAbout
Login
ImpressumPrivacy Policy
Zero Day Monitor © 2026
3672 articles · 175915 vulns · 37/41 feeds (7d)
← Back to list
7.8
CVE-2026-56155KEVEXPLOITEDPATCHED
microsoft · windows 10 version

Active Directory Federation Services Elevation of Privilege Vulnerability

Description

Insufficient granularity of access control in Active Directory Federation Services (AD FS) allows an authorized attacker to elevate privileges locally.

Affected Products

VendorProductVersions
microsoftwindows 10 version10.0.14393.0, 10.0.17763.0, 6.2.9200.0, 6.2.9200.0, 6.3.9600.0, 6.3.9600.0, 10.0.14393.0, 10.0.14393.0, 10.0.17763.0, 10.0.17763.0, 10.0.20348.0, 10.0.26100.0, 10.0.26100.0

References

  • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-56155(vendor-advisory, patch)

Related News (4 articles)

Tier C
Cisco Talos40m ago
Microsoft Patch Tuesday for July 2026 — Snort rules and prominent vulnerabilities
→ No new info (linked only)
Tier D
The Hacker News42m ago
Microsoft Patches Record 622 Flaws, Including Two Zero-Days Under Active Attack
→ No new info (linked only)
Tier C
VulDB1h ago
CVE-2026-56155 | Microsoft Windows up to 2025 Active Directory Federation Services access control
→ No new info (linked only)
Tier D
SecurityWeek2h ago
Microsoft Patches Record 622 Vulnerabilities, Including Two Exploited Zero-Days
→ No new info (linked only)
CVSS 3.17.8 HIGH
VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
CISA KEV✅ Yes
Actively exploited✅ Yes
Patch available
10.0.14393.933910.0.17763.90206.2.9200.262266.3.9600.2329110.0.20348.538610.0.26100.33158
CWECWE-1220
PublishedJul 14, 2026
Last enriched36m agov3
Tags
elevation of privilege
Trending Score136🔥
Source articles4
Independent4
Info Completeness11/14
Missing: epss, iocs, mitre_attack

Community Vote

0
Login to vote
0 upvotes0 downvotes
No votes yet

Related CVEs (5)

MEDIUMCVE-2026-56164EXPKEV
Microsoft SharePoint Server Elevation of Privilege Vulnerability
Trending: 137
HIGHCVE-2026-41091EXPKEV
Microsoft Defender Elevation of Privilege Vulnerability
Trending: 73
HIGHCVE-2026-49788EXP
HTTP/2 Denial of Service Vulnerability
Trending: 68
HIGHCVE-2026-45646EXP
OData for ASP.NET and ASP.NET Core Denial of Service Vulnerability
Trending: 68
HIGHCVE-2026-40378EXP
Windows Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability
Trending: 68

Pin to Dashboard

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

CVE Published
Jul 14, 2026
Added to CISA KEV
Jul 14, 2026
Discovered by ZDM
Jul 14, 2026
Updated: description, cweIds, exploitAvailable
Jul 14, 2026
Updated: description, severity, tags
Jul 14, 2026
Actively Exploited
Jul 14, 2026
Exploit Available
Jul 14, 2026
Patch Available
Jul 14, 2026

Version History

v3
Last enriched 36m ago
v3Tier C36m ago

Updated description with new technical details, changed severity to CRITICAL, added new CWE, and included new tags.

descriptionseveritytags
via Cisco Talos
v2Tier D2h ago

Updated description with specific details about the AD FS vulnerability and added CWE-561, indicating that the exploit is now available.

descriptioncweIdsexploitAvailable
via SecurityWeek
v13h ago

Initial creation