CISA KEV Alert 7/14/2026, 8:14:50 PM

CISA warns ADFS flaw allows local privilege escalation

Developing story incident 4 articles tracked
CISA warns ADFS flaw allows local privilege escalation
CyberSIXT Evidence Panel Source marked as original reporting
Primary Source cisa.gov
CISA KEV Listed in KEV
Patch Patch Available

ON 14 July 2026, the Cybersecurity and Infrastructure Security Agency (CISA) added CVE‑2026‑56155 to its Known Exploited Vulnerabilities (KEV) catalogue. The flaw affects Microsoft’s Active Directory Federation Services (ADFS) and is titled *Microsoft Active Directory Federation Services Insufficient Granularity of Access Control Vulnerability*. It allows an authorised attacker to raise privileges locally.

The vulnerability stems from insufficient granularity of access control within ADFS, enabling a legitimate user with minimal privileges to execute specially crafted requests that lead to privilege escalation on the host system. It can be exploited locally, requiring the attacker to have an existing authenticated session. The Common Vulnerability Scoring System rates the issue at 7.8 (High severity). Microsoft has released a patch addressing the flaw.

CISA’s inclusion of the CVE in the KEV catalogue confirms that the vulnerability is being actively exploited in the wild. No public reports link this flaw to ransomware campaigns at present. Federal civilian executive branch (FCEB) agencies must apply mitigations by the CISA‑set remediation deadline of 28 July 2026.

CISA directs FCEB agencies to apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s Binding Operational Directive (BOD) 26‑04 Prioritizing Security Updates Based on Risk and CISA’s “Forensics Triage Requirements”. Agencies must follow the applicable BOD 26‑04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders should evaluate each asset's internet exposure and adhere to BOD 26‑04 patching guidelines. All organisations are advised to review their ADFS deployments for exposure and apply the available patch promptly.

For full details, see the NVD entry at https://nvd.nist.gov/vuln/detail/CVE-2026-56155 and the CISA KEV catalogue entry.

View CISA KEV Entry

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline