VDB

CVE-2026-45501

CVE-2026-45501 PUBLISHED CVSS 6.5 MEDIUM

Reported by microsoft · Published June 9, 2026

Server-side request forgery (ssrf) in Microsoft Exchange Server allows an authorized attacker to perform spoofing over a network.

Risk Scores

CVSS 3.1
6.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C

Affected Products

VendorProductVersions
MicrosoftMicrosoft Exchange Server 2016 Cumulative Update 2315.01.0.0
MicrosoftMicrosoft Exchange Server 2019 Cumulative Update 1415.02.0.0
MicrosoftMicrosoft Exchange Server 2019 Cumulative Update 1515.02.0.0
MicrosoftMicrosoft Exchange Server Subscription Edition RTM15.02.0.0
microsoftexchange_server_se15.02.0.0, 15.02.0.0, 15.02.0.0
microsoftexchange_server_201615.01.0.0, 15.01.0.0, 15.01.0.0
MicrosoftMicrosoft Exchange Server 2016 Cumulative Update 2315.01.0.0, 15.01.0.0, 15.01.0.0
MicrosoftMicrosoft Exchange Server Subscription Edition RTM15.02.0.0, 15.02.0.0, 15.02.0.0
MicrosoftMicrosoft Exchange Server 2019 Cumulative Update 1415.02.0.0, 15.02.0.0, 15.02.0.0
microsoftexchange_server_201915.02.0.0, 15.02.0.0, 15.02.0.0
MicrosoftMicrosoft Exchange Server 2019 Cumulative Update 1515.02.0.0, 15.02.0.0, 15.02.0.0

Timeline

  • Jun 9, 2026 CVE Published
  • Jun 10, 2026 Coalition ESS Score
  • Jun 10, 2026 Security Advisory
  • Jul 9, 2026 CVE Updated

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›