CVE-2026-55052 is a Microsoft SharePoint Elevation of Privilege vulnerability caused by missing authorization. It has a CVSS v3.1 base score of 8.8 (High) and a temporal score of 7.7. The vector is network-exploitable (AV:N) with low attack complexity, low privileges required, and no user interaction. Microsoft reports no public disclosure and no known exploitation, with exploit code maturity marked unproven and exploitation unlikely. If exploited, an attacker can gain the rights of the user running the affected application, and the impact is high for confidentiality, integrity, and availability. Because it is remotely reachable and does not require user interaction, it is relevant for enterprise SharePoint deployments exposed over the network. Highlights: - CVSS scores: Base 8.8 - Temporal 7.7 - Exploit status & code maturity: Publicly Disclosed: No; Exploited: No; Exploit Code Maturity: UNPROVEN. - Impact: Elevation of Privilege; confidentiality impact HIGH, integrity impact HIGH, availability impact HIGH. - Exploitation likelihood: Exploitation Unlikely; network vector (AV:N), low attack complexity (AC:L), low privileges required (PR:L), and no user interaction (UI:N). - Severity for enterprise: High technical severity and higher relevance for network-exposed SharePoint services because the issue is remotely exploitable and requires no user interaction, though Microsoft does not indicate active exploitation. - Patch status: available; customer action required. Affected systems: - Microsoft SharePoint Server 2016 - Microsoft SharePoint Enterprise Server 2016