<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-07-15T13:58:06.726620+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the most 10 recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/35633754-f789-4a98-b7d6-069ce6bd35e8/export</id>
    <title>35633754-f789-4a98-b7d6-069ce6bd35e8</title>
    <updated>2026-07-15T13:58:06.747116+00:00</updated>
    <author>
      <name>Joseph Lee</name>
      <uri>https://cvepremium.circl.lu/user/syspect</uri>
    </author>
    <content>{"uuid": "35633754-f789-4a98-b7d6-069ce6bd35e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-56164", "type": "seen", "source": "https://www.cert.se/2026/07/patchtisdag-juli-2026-samlad-information-om-manadens-sakerhetsuppdateringar.html", "content": "", "creation_timestamp": "2026-07-15T13:16:26.223922Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/35633754-f789-4a98-b7d6-069ce6bd35e8/export"/>
    <published>2026-07-15T13:16:26.223922+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/fdabc0ed-5018-422d-8522-e109a76c819e/export</id>
    <title>fdabc0ed-5018-422d-8522-e109a76c819e</title>
    <updated>2026-07-15T13:58:06.748983+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "fdabc0ed-5018-422d-8522-e109a76c819e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-56164", "type": "seen", "source": "https://bsky.app/profile/jbhall56.bsky.social/post/3mqos525p4s2c", "content": "These security flaws (tracked as CVE-2026-32201, CVE-2026-45659, and CVE-2026-56164) affect all supported self-hosted SharePoint Server versions. www.bleepingcomputer.com/news/securit...", "creation_timestamp": "2026-07-15T13:08:47.865541Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/fdabc0ed-5018-422d-8522-e109a76c819e/export"/>
    <published>2026-07-15T13:08:47.865541+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/56ae7cd9-cbfb-49ae-8ff4-5b1a22702869/export</id>
    <title>56ae7cd9-cbfb-49ae-8ff4-5b1a22702869</title>
    <updated>2026-07-15T13:58:06.749759+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "56ae7cd9-cbfb-49ae-8ff4-5b1a22702869", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-56164", "type": "seen", "source": "https://infosec.exchange/users/jbhall56/statuses/116924148481859535", "content": "These security flaws (tracked as CVE-2026-32201, CVE-2026-45659, and CVE-2026-56164) affect all supported self-hosted SharePoint Server versions. https://www.bleepingcomputer.com/news/security/cisa-warns-admins-to-patch-actively-exploited-sharepoint-flaws/", "creation_timestamp": "2026-07-15T13:08:38.531670Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/56ae7cd9-cbfb-49ae-8ff4-5b1a22702869/export"/>
    <published>2026-07-15T13:08:38.531670+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/ca225467-00d8-45ee-bda5-6f028ed65db6/export</id>
    <title>ca225467-00d8-45ee-bda5-6f028ed65db6</title>
    <updated>2026-07-15T13:58:06.749847+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "ca225467-00d8-45ee-bda5-6f028ed65db6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-56164", "type": "seen", "source": "https://infosec.exchange/users/edwardk/statuses/116924125429997112", "content": "CISA has added the critical CVE-2026-56164 vulnerability in Microsoft SharePoint Server to its Known Exploited Vulnerabilities catalog due to active, unauthenticated remote privilege escalation attacks. Organizations must implement necessary patches or mitigations by the July 17, 2026, deadline to secure their internet-facing infrastructure.https://cybersecuritynews.com/sharepoint-server-vulnerability-exploited/", "creation_timestamp": "2026-07-15T13:02:47.098581Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/ca225467-00d8-45ee-bda5-6f028ed65db6/export"/>
    <published>2026-07-15T13:02:47.098581+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/22384a71-0c48-43b9-9286-8291c452581e/export</id>
    <title>22384a71-0c48-43b9-9286-8291c452581e</title>
    <updated>2026-07-15T13:58:06.749919+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "22384a71-0c48-43b9-9286-8291c452581e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-56164", "type": "seen", "source": "https://gist.github.com/alon710/8c9608a120a643db7abcad634f249000", "content": "# CVE-2026-56164: CVE-2026-56164: Elevation of Privilege via Missing Authentication in Microsoft SharePoint Server\n\n&amp;gt; **CVSS Score:** 5.3\n&amp;gt; **Published:** 2026-07-14\n&amp;gt; **Full Report:** https://cvereports.com/reports/CVE-2026-56164\n\n## Summary\nCVE-2026-56164 is a critical vulnerability affecting Microsoft SharePoint Server. It permits unauthenticated, remote attackers to bypass identity verification controls. This flaw is classified under CWE-306: Missing Authentication for Critical Function and allows elevation of privilege up to Farm Administrator level. The vulnerability has been added to CISA's Known Exploited Vulnerabilities catalog due to active exploitation.\n\n## TL;DR\nMissing authentication in the User Profiles assembly allows unauthenticated network attackers to elevate privileges to Farm Administrator by omitting the security digest and supplying specific routing headers.\n\n## Exploit Status: ACTIVE\n\n## Technical Details\n\n- **CWE ID**: CWE-306\n- **Attack Vector**: Network (AV:N)\n- **CVSS Score**: 5.3\n- **Exploit Status**: Active Exploitation\n- **KEV Status**: Listed\n\n## Affected Systems\n\n- Microsoft SharePoint Enterprise Server 2016\n- Microsoft SharePoint Server 2019\n- Microsoft SharePoint Server Subscription Edition\n- **SharePoint Enterprise Server 2016**: &amp;gt;= 16.0.0, &amp;lt; 16.0.5561.1001 (Fixed in: `16.0.5561.1001`)\n- **SharePoint Server 2019**: &amp;gt;= 16.0.0, &amp;lt; 16.0.10417.20175 (Fixed in: `16.0.10417.20175`)\n- **SharePoint Server Subscription Edition**: &amp;gt;= 16.0.0, &amp;lt; 16.0.19725.20434 (Fixed in: `16.0.19725.20434`)\n\n## Mitigation\n\n- Install the official Microsoft July 2026 security updates for SharePoint.\n- Deploy IIS URL Rewrite rules to block requests to client.svc lacking X-RequestDigest headers.\n- Restrict network access to SharePoint administrative and client services endpoints using WAF rules.\n\n**Remediation Steps:**\n1. Identify all deployed SharePoint Server instances and verify their build numbers.\n2. Download the respective patch package from the Microsoft Security Update Guide for your version of SharePoint.\n3. Apply the patch during a scheduled maintenance window to update assemblies.\n4. Perform a full forensic triage on site collections for unauthorized administrator promotions.\n\n## References\n\n- [Microsoft Security Update Guide Advisory](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-56164)\n- [CISA Known Exploited Vulnerabilities Catalog](https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-56164)\n- [NVD Vulnerability Details](https://nvd.nist.gov/vuln/detail/CVE-2026-56164)\n- [CISA BOD 26-04 Directive](https://www.cisa.gov/news-events/directives/bod-26-04-prioritizing-security-updates-based-risk)\n- [Wiz Vulnerability Database Reference](https://www.wiz.io/vulnerability-database/cve/cve-2026-56164)\n- [Sentinel AI Defense PoC Repository](https://github.com/sentinel-aidefense/CVE-2026-56164-EXP)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-56164) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-07-15T10:31:10.547564Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/22384a71-0c48-43b9-9286-8291c452581e/export"/>
    <published>2026-07-15T10:31:10.547564+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/3c7a6aa5-570c-4e0d-85b6-3ba8b18ba9e9/export</id>
    <title>3c7a6aa5-570c-4e0d-85b6-3ba8b18ba9e9</title>
    <updated>2026-07-15T13:58:06.750004+00:00</updated>
    <author>
      <name>Joseph Lee</name>
      <uri>https://cvepremium.circl.lu/user/syspect</uri>
    </author>
    <content>{"uuid": "3c7a6aa5-570c-4e0d-85b6-3ba8b18ba9e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-56164", "type": "seen", "source": "https://www.cert.dk/news/2026-07-15/Rekordernes-tid-er-slet-ikke-forbi", "content": "", "creation_timestamp": "2026-07-15T08:45:14.073374Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/3c7a6aa5-570c-4e0d-85b6-3ba8b18ba9e9/export"/>
    <published>2026-07-15T08:45:14.073374+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/29fc4a49-4988-4e17-a9d9-9c21cf68f2d1/export</id>
    <title>29fc4a49-4988-4e17-a9d9-9c21cf68f2d1</title>
    <updated>2026-07-15T13:58:06.750075+00:00</updated>
    <author>
      <name>Joseph Lee</name>
      <uri>https://cvepremium.circl.lu/user/syspect</uri>
    </author>
    <content>{"uuid": "29fc4a49-4988-4e17-a9d9-9c21cf68f2d1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-56164", "type": "seen", "source": "https://www.jpcert.or.jp/english/at/2026/at260020.html", "content": "", "creation_timestamp": "2026-07-15T08:45:05.422903Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/29fc4a49-4988-4e17-a9d9-9c21cf68f2d1/export"/>
    <published>2026-07-15T08:45:05.422903+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/e4da5c47-3d8c-4c0a-a3de-ba61346c0afe/export</id>
    <title>e4da5c47-3d8c-4c0a-a3de-ba61346c0afe</title>
    <updated>2026-07-15T13:58:06.750140+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "e4da5c47-3d8c-4c0a-a3de-ba61346c0afe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-56164", "type": "seen", "source": "https://bsky.app/profile/solidot.bsky.social/post/3mqocl3btlt2r", "content": "\u5fae\u8f6f\u5468\u4e8c\u4f8b\u884c\u5b89\u5168\u66f4\u65b0\u4fee\u590d\u4e86 570 \u4e2a\u6f0f\u6d1e\n\n\u5fae\u8f6f\u5728\u672c\u5468\u4e8c\u91ca\u51fa\u4e86 7 \u6708\u4f8b\u884c\u5b89\u5168\u66f4\u65b0\uff0c\u4fee\u590d\u4e86\u521b\u7eaa\u5f55\u7684 570 \u4e2a\u6f0f\u6d1e\u3002\u5fae\u8f6f\u5c06\u8865\u4e01\u6570\u91cf\u7684\u6fc0\u589e\u5f52\u4e8e AI \u8f85\u52a9\u7684\u6f0f\u6d1e\u53d1\u73b0\u3002\u5176\u4e2d\u8fd1 60 \u4e2a Bug \u7684\u98ce\u9669\u7b49\u7ea7\u5f52\u7c7b\u4e3a\u9ad8\u5371\u7ea7\u3002\u5fae\u8f6f\u8fd8\u4fee\u590d\u4e86 3 \u4e2a 0day\uff0c\u5176\u4e2d 2 \u4e2a\u6b63\u88ab\u5229\u7528\u30022 \u4e2a\u88ab\u5229\u7528\u7684 0day \u90fd\u662f\u63d0\u6743\u6f0f\u6d1e\uff0c\u5305\u62ec CVE-2026-56155 \u548c CVE-2026-56164\u3002\u7b2c\u4e09\u4e2a 0day \u5219\u80fd\u7ed5\u8fc7 Windows BitLocker \u7684\u5b89\u5168\u529f\u80fd\uff0c\u5fae\u8f6f\u8868\u793a\u5c1a\u672a\u53d1\u73b0\u8be5\u6f0f\u6d1e\u88ab\u5229\u7528\u3002", "creation_timestamp": "2026-07-15T08:30:17.594936Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/e4da5c47-3d8c-4c0a-a3de-ba61346c0afe/export"/>
    <published>2026-07-15T08:30:17.594936+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/4293a387-9bbd-44a8-bf6d-15cd02165d21/export</id>
    <title>4293a387-9bbd-44a8-bf6d-15cd02165d21</title>
    <updated>2026-07-15T13:58:06.750215+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "4293a387-9bbd-44a8-bf6d-15cd02165d21", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-56164", "type": "seen", "source": "https://bsky.app/profile/shiojiri.com/post/3mqo53atcas7i", "content": "\u300c\u3053\u306e\u5185 CVE-2026-56155\u3001CVE-2026-56164 \u306e\u8106\u5f31\u6027\u306b\u3064\u3044\u3066\u3001Microsoft \u793e\u3067\u306f\u60aa\u7528\u306e\u4e8b\u5b9f\u3092\u78ba\u8a8d\u6e08\u307f\u3068\u516c\u8868\u3057\u3066\u304a\u308a\u3001\u4eca\u5f8c\u88ab\u5bb3\u304c\u62e1\u5927\u3059\u308b\u304a\u305d\u308c\u304c\u3042\u308b\u305f\u3081\u3001\u81f3\u6025\u3001\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u66f4\u65b0\u30d7\u30ed\u30b0\u30e9\u30e0\u3092\u9069\u7528\u3057\u3066\u304f\u3060\u3055\u3044\u3002\u300d", "creation_timestamp": "2026-07-15T06:52:06.501437Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/4293a387-9bbd-44a8-bf6d-15cd02165d21/export"/>
    <published>2026-07-15T06:52:06.501437+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/f2f00b54-fa5d-4ed8-a7a3-e1a3a15efc97/export</id>
    <title>f2f00b54-fa5d-4ed8-a7a3-e1a3a15efc97</title>
    <updated>2026-07-15T13:58:06.750287+00:00</updated>
    <author>
      <name>Joseph Lee</name>
      <uri>https://cvepremium.circl.lu/user/syspect</uri>
    </author>
    <content>{"uuid": "f2f00b54-fa5d-4ed8-a7a3-e1a3a15efc97", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-56164", "type": "seen", "source": "https://www.hkcert.org/security-bulletin/microsoft-monthly-security-update-july-2026", "content": "", "creation_timestamp": "2026-07-15T05:15:05.544996Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/f2f00b54-fa5d-4ed8-a7a3-e1a3a15efc97/export"/>
    <published>2026-07-15T05:15:05.544996+00:00</published>
  </entry>
</feed>
