CVE-2026-45504

Published: Jun 9, 2026Modified: Jun 12, 2026

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: secure@microsoft.com

Description

Server-side request forgery (ssrf) in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network.

Affected (4)

Products: Microsoft: Exchange Server

1 product

Exchange Server

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Microsoft Exchange Server	Before 15.02.2562.043
Microsoft Exchange Server	Version 2016 cumulative_update_23
Microsoft Exchange Server	Version 2019 cumulative_update_14
Microsoft Exchange Server	Version 2019 cumulative_update_15

Related CWEs

Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

References (1)

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45504

Source: secure@microsoft.com

Vendor Advisory

Timeline

No history available yet.