CVE-2026-55040 – Microsoft SharePoint Server Security Feature Bypass Vulnerability

CVSS 9.1 CRITICAL Critical or Zero Day – Immediate Deployment

“When authentication can be bypassed, every protected resource becomes a potential target.”

A weak authentication vulnerability in Microsoft SharePoint Server allows an unauthenticated attacker to bypass authentication over the network. By making an anonymous connection, an attacker can impersonate a legitimate user and gain unauthorized access to SharePoint resources. Because the vulnerability is remotely exploitable, requires no user interaction, and carries a high CVSS score, it poses a significant risk to organizations running affected SharePoint servers.

CVSS Score: 9.1

SEVERITY: Critical

THREAT:
This vulnerability allows an attacker to bypass SharePoint authentication and impersonate a legitimate user. Successful exploitation could provide unauthorized access to sensitive information and allow unauthorized modification of SharePoint content without requiring valid credentials.

EXPLOITS:
At the time of publication, the vulnerability has not been publicly disclosed and Microsoft has not detected active exploitation. Microsoft assesses exploitation as more likely. The CVSS v3.1 temporal metrics list exploit code maturity as Unproven, and the available information does not confirm the existence of publicly available proof-of-concept exploit code.

TECHNICAL SUMMARY:
The vulnerability is caused by weak authentication (CWE-1390) in Microsoft SharePoint Server. Microsoft states that an unauthenticated attacker can bypass the authentication mechanism by making an anonymous network connection, allowing impersonation of a legitimate user. The vulnerability is remotely exploitable over the network with low attack complexity and requires no user interaction. Successful exploitation can compromise the confidentiality and integrity of SharePoint content without affecting system availability.

EXPLOITABILITY:
Affected products include Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server 2019, and Microsoft SharePoint Server Subscription Edition. Microsoft also confirms that the SharePoint Enterprise Server 2016 update applies to SharePoint Server 2016. Exploitation requires no authentication or user interaction and is performed remotely over the network by bypassing the authentication process.

BUSINESS IMPACT:
SharePoint commonly stores business-critical documents, collaboration data, and sensitive corporate information. An authentication bypass could allow unauthorized users to access confidential information, alter business records, compromise collaboration sites, and undermine trust in the organization’s document management platform.

WORKAROUND:
No mitigations or workarounds are available. Microsoft recommends installing the appropriate security updates for all affected SharePoint Server deployments.

URGENCY:
This vulnerability should be deployed urgently because it is rated Critical with a CVSS v3.1 Base Score of 9.1. It is remotely exploitable, requires no authentication or user interaction, and Microsoft assesses exploitation as more likely, making prompt remediation important to prevent unauthorized access to SharePoint environments.

Key Details

Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
CWE Classification
CWE-1390
Patch this CVE on all your endpoints in under 5 minutes. First 200 endpoints are free forever, scale as needed.