CVE-2026-45503
Undergoing Analysis Undergoing Analysis - In Progress
Improper Authorization in Microsoft Exchange Server

Publication date: 2026-06-09

Last updated on: 2026-06-09

Assigner: Microsoft Corporation

Description
Improper authorization in Microsoft Exchange Server allows an authorized attacker to disclose information over a network.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-09
Last Modified
2026-06-09
Generated
2026-06-10
AI Q&A
2026-06-09
EPSS Evaluated
N/A
NVD
CVE-2026-45503
EUVD
EUVD-2026-35679
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
microsoft exchange_server *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-285 The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-45503 is a server-side request forgery (SSRF) vulnerability in Microsoft Exchange Server. It allows an authorized attacker to make the server send unauthorized requests, which can lead to the disclosure of sensitive information over a network.

Impact Analysis

This vulnerability can lead to significant information disclosure, allowing an attacker with some level of authorization to access sensitive data over the network. The impact is rated as important with a CVSS base score of 8.1, indicating high confidentiality and integrity risks.

Compliance Impact

This vulnerability in Microsoft Exchange Server allows an authorized attacker to disclose information over a network due to improper authorization.

Such information disclosure could potentially impact compliance with data protection standards and regulations like GDPR and HIPAA, which require safeguarding sensitive information against unauthorized access and disclosure.

However, the provided information does not specify exact compliance implications or affected data types relevant to these regulations.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-45503. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart