CVE-2026-45503
Analyzed Analyzed - Analysis Complete

Improper Authorization in Microsoft Exchange Server

Publication date: 2026-06-09

Last updated on: 2026-06-15

Assigner: Microsoft Corporation

Description
Server-side request forgery (ssrf) in Microsoft Exchange Server allows an authorized attacker to disclose information over a network.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-09
Last Modified
2026-06-15
Generated
2026-06-30
AI Q&A
2026-06-09
EPSS Evaluated
2026-06-28
NVD
CVE-2026-45503
EUVD
EUVD-2026-35679

Affected Vendors & Products

Showing 4 associated CPEs
Vendor Product Version / Range
microsoft exchange_server 2016
microsoft exchange_server 2019
microsoft exchange_server 2019
microsoft exchange_server_subscription_edition to 15.02.2562.043 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-285 The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
CWE-918 The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-45503 is a server-side request forgery (SSRF) vulnerability in Microsoft Exchange Server. It allows an authorized attacker to make the server send unauthorized requests, which can lead to the disclosure of sensitive information over a network.

Impact Analysis

This vulnerability can lead to significant information disclosure, allowing an attacker with some level of authorization to access sensitive data over the network. The impact is rated as important with a CVSS base score of 8.1, indicating high confidentiality and integrity risks.

Compliance Impact

This vulnerability in Microsoft Exchange Server allows an authorized attacker to disclose information over a network due to improper authorization.

Such information disclosure could potentially impact compliance with data protection standards and regulations like GDPR and HIPAA, which require safeguarding sensitive information against unauthorized access and disclosure.

However, the provided information does not specify exact compliance implications or affected data types relevant to these regulations.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-45503. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart