8.1

CVE-2026-45503

Medienbericht

Microsoft Exchange Server Information Disclosure Vulnerability

Improper authorization in Microsoft Exchange Server allows an authorized attacker to disclose information over a network.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrosoftExchange Server Version2016 Updatecumulative_update_23
MicrosoftExchange Server Version2019 Updatecumulative_update_14
MicrosoftExchange Server Version2019 Updatecumulative_update_15
MicrosoftExchange Server Subscription Edition Version < 15.02.2562.043
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.45% 0.361
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
secure@microsoft.com 8.1 2.8 5.2
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
CWE-285 Improper Authorization

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

CWE-918 Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
10.06.2026 18:13
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
09.06.2026 20:12
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45503
Vendor Advisory