Microsoft released a fix on July 14, 2026 for CVE-2026-55040, an authentication bypass in SharePoint that lets a remote, unauthenticated attacker impersonate any user — administrators included — given the target's Active Directory SID or UPN. The discovery, credited to Stephen Fewer of Rapid7 Labs, marks one of the first documented cases of a zero-day found through agentic AI approaches, involving roughly 80,000 tool calls across 24 active working days.
- CVE-2026-55040 carries a CVSSv3.1 score of 5.3 (Medium) and a CWE-1390 classification (Weak Authentication), but chains to an unauthenticated RCE that drastically amplifies its impact.
- The flaw resides in defects in SharePoint's JWT token validation pipeline: a remote, unauthenticated attacker can forge valid tokens to impersonate arbitrary users knowing only their SID or UPN.
- The July 2026 Patch Tuesday release breaks the entire exploit chain even though the RCE component remains unpatched until the August 2026 cycle.
- The research employed agentic AI across 96 sessions, 256 prompts, and approximately 80,000 tool calls distributed over two sprints between January and March 2026.
The Mechanism: How a JWT Flaw Becomes Full Enterprise Access
The vulnerability sits in SharePoint's JWT token validation pipeline. According to the Rapid7 advisory, "The vulnerability is due to several issues in the JWT token validation pipeline." An attacker who knows a target's Active Directory SID or UPN can construct an apparently valid token and gain full access to the SharePoint server as that user.
The prerequisite — knowledge of the SID or UPN — is technically limiting but operationally manageable: the UPN in particular often follows the corporate email format, easily discoverable through enumeration or open-source intelligence. The source does not specify whether automated SID retrieval techniques exist, but Active Directory's structure makes the identifier deducible in many standard enterprise environments.
The immediate impact is access to SharePoint sites, corporate documents, approval workflows, and intranet areas with the impersonated user's privileges. The official advisory statement is direct: "A remote unauthenticated attacker can leverage CVE-2026-55040 to bypass authentication on a vulnerable SharePoint server and perform operations as a SharePoint site user or administrator."
From Medium to Critical: The Chaining That Defies CVSS
The CVSSv3.1 score of 5.3 (Medium) assigned by Microsoft reflects the vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N — an impact limited to integrity without confidentiality loss or availability impact. However, this rating isolates the single vulnerability from its real operational context.
Rapid7 documented that CVE-2026-55040 fits into an exploit chain that includes a second component, an unauthenticated RCE whose details were disclosed to Microsoft but which will not be patched before the August 2026 cycle. The July patch breaks the entire chain, rendering the concatenation ineffective, but the temporal misalignment between the bypass fix and the RCE fix expresses a structural criticality: for roughly a month, unpatched environments remain exposed to a complete remote-to-code-execution path.
The case revives a recurring tension in vulnerability rating. When a "Medium" authentication bypass opens the surface to an RCE, the single flaw's CVSS score becomes a misleading indicator for risk prioritization. Organizations that filter alerts by nominal severity risk underestimating threats whose gravity emerges only from chain analysis, not from the standardized calculator.
"Patching CVE-2026-55040 will successfully break this exploit chain" — Rapid7 advisory
The AI Agent as New Accelerator: Methodology and Timeline
Rapid7 initiated coordinated disclosure on May 18, 2026, with Microsoft confirmation on May 20. But the distinguishing factor in this discovery is the methodology: for the first time in a public advisory, a security vendor details the use of an AI agent in finding a working zero-day.
The first sprint, in January 2026, failed: zero usable results. The second sprint, in March 2026, produced the full exploit chain. The published numbers are precise: 24 active agentic working days, 96 sessions, 256 prompts, approximately 80,000 tool calls. The source does not specify the exact AI model or agent architecture, but the granularity of the reporting suggests an internal Rapid7 Labs organization designed to measure and replicate the process.
The first sprint's failure is as relevant as the second's success: it indicates the AI agent did not replace human intuition but accelerated the systematic exploration phase, allowing Fewer to iterate faster on technical hypotheses. The model does not appear as an autonomous oracle but as an amplification tool for an expert researcher's capacity.
A contextual data point warrants caution: Stephen Fewer participated in Pwn2Own Berlin 2026, where the SharePoint exploit attempt did not succeed within the allotted time. The dossier does not confirm that the chain disclosed as CVE-2026-55040 corresponds exactly to that failed attempt. The primary source does not mention Pwn2Own in the context of the July disclosure, and the advisory does not present the vulnerability as a direct consequence of the competition.
Why It Matters
The brief does not document specific remedial measures beyond the Microsoft patch's availability. The source does not specify which exact SharePoint versions are vulnerable, nor whether in-the-wild exploits exist at the time of disclosure. Full technical details of the JWT vulnerability are not yet public: Rapid7 will release them within 30 days of the July 14, 2026 disclosure, unless active exploits accelerate publication.
The source does not list alternative mitigations, hardening configurations, or specific monitoring actions for this vulnerability. Rapid7 customers with InsightVM, Nexpose, or Exposure Command can assess exposure via authenticated checks available from July 14, 2026: this is the only documented operational action in the dossier.
The associated RCE component has no confirmed CVE assigned in the brief, and it is unclear whether one will be attributed with the August 2026 patch. The reader impact is dual: for enterprises with SharePoint, the priority is applying the July fix; for the security industry, the agentic AI methodology introduces a speed variable in zero-day discovery that vulnerability management programs will need to integrate into their threat anticipation models.
Microsoft provided a statement thanking Rapid7 for responsible disclosure, reported in the advisory: "We would like to thank Rapid7 for responsibly reporting this issue through coordinated vulnerability disclosure."
FAQ
What is the real risk if my SharePoint is exposed to the Internet?
The source documents that a remote, unauthenticated attacker can impersonate administrators. If the server is exposed, the risk is full access to content and workflows with elevated privileges. The source does not specify whether Internet exposure technically amplifies the vulnerability compared to internal network access.
Why is the CVSS 5.3 considered misleading in this case?
CVSS measures the isolated single vulnerability, which has limited integrity impact. In the real exploit chain, the JWT bypass enables the RCE: the effective impact is critical, but the standard rating does not capture interactions between multiple components.
Will AI agents make zero-day research more accessible?
The dossier documents only this specific case. It is not known whether Rapid7 will make the methodology public, nor whether other research groups have replicated the approach with similar results. The confirmed data point is the temporal acceleration: from zero results to a working chain in two months, with a failed first sprint.
Information is based on the cited advisory and current as of publication.
Information is based on the cited source and current as of publication.
Sources
- https://www.rapid7.com/blog/post/ve-cve-2026-55040-microsoft-sharepoint-jwt-token-authentication-bypass-fixed
- https://www.rapid7.com/blog/post/ve-rapid7-labs-at-pwn2own-vuln-intel
- https://www.rapid7.com/security/disclosure
- https://www.zerodayinitiative.com/blog/2026/5/15/pwn2own-berlin-2026-day-two-results
- https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N