๐Ÿ” CVE Alert

CVE-2026-56155

HIGH 7.8 โš ๏ธ CISA KEV

Active Directory Federation Services Elevation of Privilege Vulnerability

CVSS Score
7.8
EPSS Score
0.0%
EPSS Percentile
0th

Insufficient granularity of access control in Active Directory Federation Services (AD FS) allows an authorized attacker to elevate privileges locally.

Vendor microsoft
Product windows 10 version 1607
Ecosystems
Industries
TechnologyEnterprise
Published Jul 14, 2026
Last Updated Jul 15, 2026
โš ๏ธ Actively Exploited โ€” Act Now

Get instant alerts for microsoft windows 10 version 1607

This vulnerability is actively exploited in the wild. Set up free real-time alerts so you're first to know about threats like CVE-2026-56155.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability

Affected Versions

Microsoft / Windows 10 Version 1607
10.0.14393.0 < 10.0.14393.9339
Microsoft / Windows 10 Version 1809
10.0.17763.0 < 10.0.17763.9020
Microsoft / Windows Server 2012
6.2.9200.0 < 6.2.9200.26226
Microsoft / Windows Server 2012 (Server Core installation)
6.2.9200.0 < 6.2.9200.26226
Microsoft / Windows Server 2012 R2
6.3.9600.0 < 6.3.9600.23291
Microsoft / Windows Server 2012 R2 (Server Core installation)
6.3.9600.0 < 6.3.9600.23291
Microsoft / Windows Server 2016
10.0.14393.0 < 10.0.14393.9339
Microsoft / Windows Server 2016 (Server Core installation)
10.0.14393.0 < 10.0.14393.9339
Microsoft / Windows Server 2019
10.0.17763.0 < 10.0.17763.9020
Microsoft / Windows Server 2019 (Server Core installation)
10.0.17763.0 < 10.0.17763.9020
Microsoft / Windows Server 2022
10.0.20348.0 < 10.0.20348.5386
Microsoft / Windows Server 2025
10.0.26100.0 < 10.0.26100.33158
Microsoft / Windows Server 2025 (Server Core installation)
10.0.26100.0 < 10.0.26100.33158

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
msrc.microsoft.com: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-56155 cisa.gov: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-56155