CVE-2026-56155 is an Active Directory Federation Services elevation of privilege vulnerability caused by insufficient granularity of access control. Microsoft rates it CVSS v3.1 7.8/10 (High) with a temporal score of 7.2; the vector is LOCAL, LOW attack complexity, LOW privileges required, and no user interaction. Microsoft reports the issue has been exploited, with FUNCTIONAL exploit code maturity, and customer action is required. Because exploitation is local rather than network-based, the enterprise risk is highest where attackers already have local access on affected Windows systems. Highlights: - CVSS scores: Base 7.8 - Temporal 7.2 - Exploit status & code maturity: Publicly Disclosed: No; Exploited: Yes; Latest Software Release: Exploitation Detected; Exploit Code Maturity: FUNCTIONAL. - Impact: Elevation of Privilege; confidentiality, integrity, and availability impacts are all HIGH; successful exploitation can grant administrator privileges. - Exploitation likelihood: Not explicitly labeled in the source data; vector context is LOCAL with LOW attack complexity, LOW privileges required, and no user interaction, which supports feasible local abuse once an attacker has access. - Severity for enterprise: High. In-wild exploitation is confirmed, but the local attack vector limits exposure compared with network-reachable vulnerabilities. Risk is most relevant on systems where an attacker can obtain local execution or local access. - Patch status: available; customer action required. Affected systems: - Windows 10 1607 - Windows 10 1809 - Windows Server 2012 - Windows Server 2012 R2 - Windows Server 2016 - Windows Server 2019 - Windows Server 2022 - Windows Server 2025