THREAT OPS › Threat News › CVE-2026-55040: Microsoft SharePoint JWT Token Authentication Bypass (FIXED)
CVE-2026-55040: Microsoft SharePoint JWT Token Authentication Bypass (FIXED)
<h2 style="direction: ltr;">Overview</h2><p style="direction: ltr;"><span style="font-size: undefined;">Rapid7 Labs conducted a zero-day research project against Microsoft SharePoint, resulting in the discovery of two new vulnerabilities that, when chained together, achieve unauthenticated remote code execution (RCE) against a vulnerable SharePoint server. Today, both Rapid7 and Microsoft are disc
MITRE ATT&CK techniques
Indicators of compromise
- CVE-2026-55040cve
- https://www.zerodayinitiative.com/blog/2026/5/15/pwn2own-berlin-2026-day-two-resultsurl
- https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:Nurl
- administrator@domain.localemail
- images.contentstack.iodomain