CVE-2026-48579
published 2026-06-04CVE-2026-48579: Improper authorization in Microsoft Exchange Online allows an unauthorized attacker to disclose information over a network.
PriorityP349high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
EPSS
1.01%
58.9th percentile
Improper authorization in Microsoft Exchange Online allows an unauthorized attacker to disclose information over a network.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | microsoft_exchange_online | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
Microsoft Exchange Online improper authorization
vuldb·2026-06-05·CVSS 9.1
CVE-2026-48579 [CRITICAL] Microsoft Exchange Online improper authorization
A vulnerability was found in Microsoft Exchange Online. It has been declared as critical. This issue affects some unknown processing. Executing a manipulation can lead to improper authorization.
This vulnerability is handled as CVE-2026-48579. The attack can be executed remotely. There is not any exploit available.
This product is a managed service, so users do not have direct control over vulnerability countermeasures.
GHSA
Improper authorization in Microsoft Exchange Online allows an unauthorized attacker to disclose information over a network.
ghsa_unreviewed·2026-06-05
CVE-2026-48579 [CRITICAL] CWE-285 Improper authorization in Microsoft Exchange Online allows an unauthorized attacker to disclose information over a network.
Improper authorization in Microsoft Exchange Online allows an unauthorized attacker to disclose information over a network.
No detection rules found.
No public exploits indexed.
Talos
Microsoft Patch Tuesday for June 2026 — Snort rules and prominent vulnerabilities
blogs_talos·2026-06-09·CVSS 8.8
CVE-2026-42985 [HIGH] Microsoft Patch Tuesday for June 2026 — Snort rules and prominent vulnerabilities
## Microsoft Patch Tuesday for June 2026 — Snort rules and prominent vulnerabilities
Microsoft has released its monthly security update for June 2026, which includes 206 vulnerabilities affecting a range of products, including 32 that Microsoft marked as “critical”.
Out of 32 "critical" entries, 28 are remote code execution (RCE) vulnerabilities in Microsoft Windows services and applications including Windows Active Directory, Windows Kerberos Key Distribution Centre (KDC), Windows Graphics component, Windows Remote Desktop client, Windows Deployment Services (WDS), DHCP Client service, Windows Hyper-V, Windows Kernel and Media, Azure Kubernetes Service (AKS), Microsoft Office, Microsoft Outlook, Microsoft Word, Microsoft SQL server and Windows HTTP Protocol Stack.
Talos highlights 4 cr
Sans Isc
Microsoft June 2026 Patch Tuesday, (Tue, Jun 9th)
blogs_sans_isc·2026-06-09·CVSS 8.8
CVE-2026-49160 [HIGH] Microsoft June 2026 Patch Tuesday, (Tue, Jun 9th)
Microsoft June 2026 Patch Tuesday
Published: 2026-06-09. Last Updated: 2026-06-09 17:34:29 UTC
by Johannes Ullrich (Version: 1)
0 comment(s)
Microsoft today released patches for 204 vulnerabilities. 38 of these vulnerabilities are considered critical, and three have been disclosed before today. Six of the vulnerabilities affect Microsoft cloud solutions and do not require any user action. In addition, Microsoft incorporated 360 different vulnerabilities affecting Chromium into its Edge browser.
This is certainly a busier-than-usual patch Tuesday. In particular, the large number of patched Chromium/Edge vulnerabilities underscores the impact of AI tools on vulnerability discovery.
Some noteworthy vulnerabilities:
CVE-2026-49160: This vulnerability was made public a week ago. As implem
Crowdstrike
June 2026 Patch Tuesday: Microsoft Patches 206 Vulnerabilities Including Three Publicly Disclosed Zero-Days
blogs_crowdstrike
CVE-2026-45586 June 2026 Patch Tuesday: Microsoft Patches 206 Vulnerabilities Including Three Publicly Disclosed Zero-Days
CrowdStrike 2026 Technology Threat Landscape Report: China’s Ambitions Fuel Attacks Jun 09, 2026
June 2026 Patch Tuesday: Microsoft Patches 206 Vulnerabilities Including Three Publicly Disclosed Zero-Days Jun 09, 2026
CrowdStrike and Zscaler Bring Continuous Identity to Zero Trust Access Jun 08, 2026
3 Principles to Safely Scale Agentic AI Jun 05, 2026
CrowdStrike 2026 Technology Threat Landscape Report: China’s Ambitions Fuel Attacks Jun 09, 2026
June 2026 Patch Tuesday: Microsoft Patches 206 Vulnerabilities Including Three Publicly Disclosed Zero-Days Jun 09, 2026
CrowdStrike and Zscaler Bring Continuous Identity to Zero Trust Access Jun 08, 2026
3 Principles to Safely Scale Agentic AI Jun 05, 2026
Video Highlights the 4 Key Steps to Successful Incident Response Dec 02, 2019
Hel
2026-06-04
Published