CVE-2026-56155: Microsoft Active Directory Federation Services Insufficient Granularity Of Access Control Vulnerability Actively Exploited (CISA KEV)

TL;DR

Microsoft Active Directory Federation Services (ADFS) has a critical vulnerability, CVE-2026-56155, that enables privilege escalation. The flaw is currently being exploited in the wild, prompting urgent security responses.

A vulnerability in Microsoft Active Directory Federation Services (ADFS), CVE-2026-56155, is being actively exploited by attackers to escalate privileges within affected networks. Microsoft has issued an urgent warning and recommended immediate mitigation measures. The flaw involves insufficient granularity of access control, allowing authorized attackers to elevate their privileges locally, which could lead to full system compromise.

Security researchers and Microsoft officials confirmed that CVE-2026-56155 affects ADFS implementations, a critical component for federated identity management in many enterprise environments. The vulnerability arises from inadequate access controls that permit an attacker with some level of authorized access to escalate privileges to system administrator levels.

Microsoft released an advisory on March 25, 2026, warning organizations to apply recommended patches and mitigation strategies immediately. Exploitation has been observed in the wild, with threat actors targeting organizations with exposed or poorly secured ADFS servers. The attack allows local privilege escalation, potentially enabling attackers to compromise entire networks.

At a glance
breakingWhen: developing; active exploitation reporte…
The developmentMicrosoft ADFS vulnerability CVE-2026-56155 is actively exploited, enabling privilege escalation due to insufficient access control granularity.

Implications of Privilege Escalation in Critical Identity Infrastructure

This vulnerability is significant because it targets a core component of enterprise security—identity federation and single sign-on systems. Exploitation could enable attackers to gain persistent access, move laterally within networks, and compromise sensitive data or critical systems. The active exploitation increases the risk of widespread breaches and underscores the importance of rapid mitigation.

Enterprise Patch Panel and Rack Management: Physical Layer Best Practices

Enterprise Patch Panel and Rack Management: Physical Layer Best Practices

As an affiliate, we earn on qualifying purchases.

As an affiliate, we earn on qualifying purchases.

Background and Known Details of CVE-2026-56155 in ADFS

Microsoft Active Directory Federation Services is widely used by organizations to manage secure access across multiple systems and services. Prior to this, security experts identified similar privilege escalation issues in other identity management systems, but CVE-2026-56155 appears to be a new, more severe flaw. Microsoft’s security update for this vulnerability was released on March 25, 2026, following initial reports of exploitation.

Experts note that the flaw stems from insufficient access control granularity within the ADFS server architecture, which allows an attacker with limited access to elevate privileges locally. The attack can be carried out without requiring remote code execution, making it particularly dangerous for organizations with exposed or poorly configured ADFS servers.

“Microsoft has released security updates to address CVE-2026-56155, a privilege escalation vulnerability in ADFS. We strongly advise organizations to apply these patches immediately.”

— Microsoft Security Response Center

Amazon

privilege escalation vulnerability mitigation tools

As an affiliate, we earn on qualifying purchases.

As an affiliate, we earn on qualifying purchases.

Uncertainties Surrounding the Scope and Exploitation of the Flaw

While Microsoft has confirmed the existence of CVE-2026-56155 and its active exploitation, details about the full scope of affected systems and the specific tactics used by attackers remain limited. It is unclear how widespread the exploitation is or whether certain versions of ADFS are more vulnerable than others. Additionally, the full technical details of the flaw have not been publicly disclosed, pending further analysis.

Securing the Perimeter: Deploying Identity and Access Management with Free Open Source Software

Securing the Perimeter: Deploying Identity and Access Management with Free Open Source Software

As an affiliate, we earn on qualifying purchases.

As an affiliate, we earn on qualifying purchases.

Next Steps for Organizations and Microsoft Security Teams

Organizations using ADFS should immediately review their systems, apply the latest security patches provided by Microsoft, and follow recommended mitigation steps. Microsoft is expected to release further technical details and guidance in upcoming security updates. Security researchers will continue monitoring for active exploitation and developing detection tools. Enterprises should also consider implementing additional security controls, such as network segmentation and multi-factor authentication, to reduce risk.

NetAlly CyberScope Air Wi-Fi Edge Network Vulnerability Scanner (Wireless Only Version). Validate Edge Infrastructure Hardening, Hunt Down Rogue Devices, Investigate Suspect RF Interference

NetAlly CyberScope Air Wi-Fi Edge Network Vulnerability Scanner (Wireless Only Version). Validate Edge Infrastructure Hardening, Hunt Down Rogue Devices, Investigate Suspect RF Interference

Portable, handheld form factor – Take it anywhere for on-site security testing. This field-ready tool gives you visibility…

As an affiliate, we earn on qualifying purchases.

As an affiliate, we earn on qualifying purchases.

Key Questions

What is CVE-2026-56155?

CVE-2026-56155 is a privilege escalation vulnerability in Microsoft Active Directory Federation Services that allows an attacker with some authorized access to elevate privileges locally, potentially leading to full system compromise.

How is this vulnerability being exploited?

Threat actors are actively exploiting CVE-2026-56155 by targeting vulnerable ADFS servers, leveraging the flaw’s insufficient access control granularity to escalate privileges without remote code execution.

What should organizations do immediately?

Organizations should apply the security patches released by Microsoft, review their ADFS configurations, and follow mitigation guidance to prevent exploitation.

Is there a fix available?

Yes, Microsoft released security updates on March 25, 2026, to address the vulnerability. Applying these patches is critical to reducing risk.

How serious is this vulnerability?

This is a critical vulnerability due to its active exploitation and potential for privilege escalation, which could lead to complete network compromise if left unmitigated.

Source: kev

You May Also Like

Cyber Insurance 101: What Policies Really Cover (and the Costly Gaps They Don’t)Business

Discover how cyber insurance policies may leave costly gaps in coverage and what you need to know to protect your business effectively.

The Great Cybersecurity Talent Shortage: Crisis or Overhyped?

Blockchain of cybersecurity talent shortages raises questions about its true severity—discover whether this crisis is real or overstated.

Why Attack Surface Management Keeps Growing in Importance

Ineffective security measures struggle against expanding digital vulnerabilities, making Attack Surface Management increasingly vital to safeguard your organization’s future.

Cybersecurity Awareness Month: Top 5 Online Safety Tips

With essential tips for Cybersecurity Awareness Month, discover how to safeguard your online presence and stay ahead of potential threats that could jeopardize your information.