CVE-2026-56155
Microsoft · Active Directory Federation Services
Microsoft Active Directory Federation Services is affected by a vulnerability involving insufficient granularity of access control.
Executive summary
This critical vulnerability in Microsoft Active Directory Federation Services is being actively exploited and allows authenticated attackers to gain elevated control.
Vulnerability
The software exhibits insufficient granularity of access control (CWE-1220). An attacker with low-level privileges can exploit this flaw to perform unauthorized actions or gain excessive permissions within the identity management environment.
Business impact
With a CVSS score of 9.5, this vulnerability is critical. It provides an attacker with the ability to compromise the identity and access management layer, which is a foundational component of enterprise security. A breach here could allow an attacker to move laterally across the network, escalate privileges, and gain persistent, unauthorized access to sensitive corporate resources.
Remediation
Immediate Action: Apply the relevant security updates provided by Microsoft for all affected Windows Server and Windows 10 installations immediately.
Proactive Monitoring: Audit Active Directory Federation Services logs for suspicious permission changes or anomalous access patterns that deviate from established administrative baselines.
Compensating Controls: Enforce the principle of least privilege for all service accounts and monitor for unusual authentication attempts originating from low-privileged user accounts.
Exploitation status
Public Exploit Available: Unknown.
Analyst recommendation
The active exploitation of this vulnerability in the identity stack makes it a high-priority remediation task. Organizations must verify that all ADFS instances are patched and that monitoring controls are tuned to detect potential unauthorized access attempts within the identity environment.