Vulnerability in Microsoft Windows_10_1607
CVE-2026-56155
Insufficient granularity of access control in Active Directory Federation Services (AD FS) allows an authorized attacker to elevate privileges locally.
CVSS v3 metric
CVSS v3 base score 7.8 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.
Affected products
- Microsoft Windows_10_1607
- Microsoft Windows_10_1809
- Microsoft Windows 10 Version 1607 — versions 10.0.14393.0
- Microsoft Windows 10 Version 1809 — versions 10.0.17763.0
- Microsoft Windows Server 2012 — versions 6.2.9200.0
- Microsoft Windows_server_2012 — versions r2
- Microsoft Windows Server 2012 R2 — versions 6.3.9600.0
- Microsoft Windows Server 2012 R2 (Server Core Installation) — versions 6.3.9600.0
- Microsoft Windows Server 2012 (Server Core Installation) — versions 6.2.9200.0
- Microsoft Windows Server 2016 — versions 10.0.14393.0
Weakness classification (CWE)
References
- secure@microsoft.com (vendor-advisory, patch, Vendor Advisory)
- 134c704f-9b21-4f2e-91b3-4a467353bcc0 (US Government Resource)
Frequently asked questions
- What is CVE-2026-56155?
- CVE-2026-56155 is a high-severity vulnerability in Microsoft Windows_10_1607, classified under CWE-1220. CVSS score: 7.8/10. Published 2026-07-14.
- How severe is CVE-2026-56155?
- High severity. CVSS v3 base score is 7.8 out of 10.