cbcvebase.
CVE-2026-45504
published 2026-06-09

CVE-2026-45504: Server-side request forgery (ssrf) in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network.

PriorityP357high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
0.46%
36.9th percentile
Server-side request forgery (ssrf) in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network.

Affected

8 ranges
VendorProductVersion rangeFixed in
microsoftexchange_server
microsoftexchange_server
microsoftexchange_server
microsoftexchange_server_subscription_edition< 15.02.2562.04315.02.2562.043
microsoftmicrosoft_exchange_server_2016_cumulative_update_23>= 15.01.0.0 < 15.01.2507.06915.01.2507.069
microsoftmicrosoft_exchange_server_2019_cumulative_update_14>= 15.02.0.0 < 15.02.1544.04115.02.1544.041
microsoftmicrosoft_exchange_server_2019_cumulative_update_15>= 15.02.0.0 < 15.02.1748.04615.02.1748.046
microsoftmicrosoft_exchange_server_subscription_edition_rtm>= 15.02.0.0 < 15.02.2562.04315.02.2562.043
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.