CVE-2026-45502

MEDIUM5.0SSRF

JSON export Create alert

Description

Server-side request forgery (ssrf) in Microsoft Exchange Server allows an authorized attacker to disclose information over a network.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

Low

Integrity

None

Availability

None

E

Unchanged

RL

O

RC

Changed

Affected products

Microsoft / Microsoft Exchange Server 2016 Cumulative Update 2315.01.0.0 – 15.01.2507.069
Microsoft / Microsoft Exchange Server 2019 Cumulative Update 1415.02.0.0 – 15.02.1544.041
Microsoft / Microsoft Exchange Server 2019 Cumulative Update 1515.02.0.0 – 15.02.1748.046
Microsoft / Microsoft Exchange Server Subscription Edition RTM15.02.0.0 – 15.02.2562.043

References

VENDOR_ADVISORYhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45502

Updated 4m ago · 2 sources