CVE-2026-45503
6.5
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 2.8 / Impact: 3.6
Source: NVD
Description
Server-side request forgery (ssrf) in Microsoft Exchange Server allows an authorized attacker to disclose information over a network.
Affected (4)
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Version 2016 cumulative_update_23 | |
| Before 15.02.2562.043 |
Related CWEs
CWE-285
Improper Authorization
The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
CWE-918
Server-Side Request Forgery (SSRF)
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
References (1)
Source: secure@microsoft.com
Vendor Advisory
Timeline
No history available yet.