CVE-2026-48582
published 2026-06-19CVE-2026-48582: Missing authorization in Microsoft Exchange Online allows an authorized attacker to elevate privileges over a network.
PriorityP261critical9.6CVSS 3.1
AVNACLPRLUINSCCHIHAN
EPSS
0.39%
30.8th percentile
Missing authorization in Microsoft Exchange Online allows an authorized attacker to elevate privileges over a network.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | microsoft_exchange_online | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
Microsoft Exchange Online privilege escalation (EUVD-2026-38090)
vuldb·2026-06-20
CVE-2026-48582 [CRITICAL] Microsoft Exchange Online privilege escalation (EUVD-2026-38090)
A vulnerability classified as critical was found in Microsoft Exchange Online. Affected is an unknown function. Executing a manipulation can lead to privilege escalation.
This vulnerability is handled as CVE-2026-48582. The attack can only be done within the local network. There is not any exploit available.
GHSA
Missing authorization in Microsoft Exchange Online allows an authorized attacker to elevate privileges over a network.
ghsa_unreviewed·2026-06-19
CVE-2026-48582 [CRITICAL] CWE-862 Missing authorization in Microsoft Exchange Online allows an authorized attacker to elevate privileges over a network.
Missing authorization in Microsoft Exchange Online allows an authorized attacker to elevate privileges over a network.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-06-19
Published