CVE-2026-56155

EUVD-2026-44042
Insufficient granularity of access control in Active Directory Federation Services (AD FS) allows an authorized attacker to elevate privileges locally.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
microsoftwindows_10_1607
𝑥
< 10.0.14393.9339
microsoftwindows_10_1607
𝑥
< 10.0.14393.9339
microsoftwindows_10_1809
𝑥
< 10.0.17763.9020
microsoftwindows_10_1809
𝑥
< 10.0.17763.9020
microsoftwindows_server_2012
-
microsoftwindows_server_2016
𝑥
< 10.0.14393.9339
microsoftwindows_server_2019
𝑥
< 10.0.17763.9020
microsoftwindows_server_2022
𝑥
< 10.0.20348.5386
microsoftwindows_server_2025
𝑥
< 10.0.26100.33158
𝑥
= Vulnerable software versions
Windows Releases
Platform
Version
Windows 10
1607 (x64, x86)
1809 (x64, x86)
Windows Server 2012
Server Core
Standard
Windows Server 2012 R2
Server Core
Standard
Windows Server 2016
Server Core
Standard
Windows Server 2019
Server Core
Standard
Windows Server 2022
Standard
Windows Server 2025
Server Core
Standard