CVE-2026-56155

high

Description

Insufficient granularity of access control in Active Directory Federation Services (AD FS) allows an authorized attacker to elevate privileges locally.

From the Tenable Blog

July 2026 Patch Tuesday: Largest Patch Tuesday 569 CVEs
July 2026 Patch Tuesday: Largest Patch Tuesday 569 CVEs

Published: 2026-07-14

Microsoft patched 569 CVEs in July 2026, the largest Patch Tuesday release in its history. 56 critical CVEs patched including three zero-day vulnerabilities.

References

Details

Source: Mitre, NVD

Published: 2026-07-14

Updated: 2026-07-15

Known Exploited Vulnerability (KEV)

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 7.8

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00379