THREATOPS
THREAT OPSThreat News › CVE-2026-55040: Microsoft SharePoint JWT Token Authentication Bypass (FIXED)

CVE-2026-55040: Microsoft SharePoint JWT Token Authentication Bypass (FIXED)

medrapid7Published 2026-07-14

<h2 style="direction: ltr;">Overview</h2><p style="direction: ltr;"><span style="font-size: undefined;">Rapid7 Labs conducted a zero-day research project against Microsoft SharePoint, resulting in the discovery of two new vulnerabilities that, when chained together, achieve unauthenticated remote code execution (RCE) against a vulnerable SharePoint server. Today, both Rapid7 and Microsoft are disc

MITRE ATT&CK techniques

Indicators of compromise

Original source: https://www.rapid7.com/blog/post/ve-cve-2026-55040-microsoft-sharepoint-jwt-token-authentication-bypass-fixed