← back
CVE-2026-45504

Microsoft Exchange Server Elevation of Privilege Vulnerability

CVSS 8.8 HIGHEPSS 0.4%CWE-918
Server-side request forgery (ssrf) in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Affected products
Microsoft · Microsoft Exchange Server 2016 Cumulative Update 23Microsoft · Microsoft Exchange Server 2019 Cumulative Update 14Microsoft · Microsoft Exchange Server 2019 Cumulative Update 15Microsoft · Microsoft Exchange Server Subscription Edition RTM
public PoCs found1
githubgithub.com/hawktrace/CVE-2026-4550444
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45504