■■■■■ In conducting a 0-day research project against #SharePoint, Rapid7 Labs discovered 2 new vulns that, when chained together, achieve RCE against a vulnerable server.
Today, Rapid7 and Microsoft are disclosing CVE-2026-55040 – the first vuln in this chain: r-7.co/4f2HpQO
(https://www.rapid7.com/blog/post/ve-cve-2026-55040-microsoft-sharepoint-jwt-token-authentication-bypass-fixed/)
