VDB

CVE-2026-45502

CVE-2026-45502 PUBLISHED CVSS 5 MEDIUM

Reported by microsoft · Published June 9, 2026

Server-side request forgery (ssrf) in Microsoft Exchange Server allows an authorized attacker to disclose information over a network.

Risk Scores

CVSS 3.1
5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C

Affected Products

VendorProductVersions
MicrosoftMicrosoft Exchange Server 2016 Cumulative Update 2315.01.0.0
MicrosoftMicrosoft Exchange Server 2019 Cumulative Update 1415.02.0.0
MicrosoftMicrosoft Exchange Server 2019 Cumulative Update 1515.02.0.0
MicrosoftMicrosoft Exchange Server Subscription Edition RTM15.02.0.0
MicrosoftMicrosoft Exchange Server 2019 Cumulative Update 1515.02.0.0, 15.02.0.0, 15.02.0.0
microsoftexchange_server_201615.01.0.0, 15.01.0.0, 15.01.0.0
MicrosoftMicrosoft Exchange Server 2016 Cumulative Update 2315.01.0.0, 15.01.0.0, 15.01.0.0
MicrosoftMicrosoft Exchange Server 2019 Cumulative Update 1415.02.0.0, 15.02.0.0, 15.02.0.0
microsoftexchange_server_201915.02.0.0, 15.02.0.0, 15.02.0.0
MicrosoftMicrosoft Exchange Server Subscription Edition RTM15.02.0.0, 15.02.0.0, 15.02.0.0
microsoftexchange_server_se15.02.0.0, 15.02.0.0, 15.02.0.0

Timeline

  • CVE Published
  • Jun 10, 2026 Coalition ESS Score
  • Jun 10, 2026 Security Advisory
  • Jul 1, 2026 PoC Published
Open in Interactive Console →
$ Console Community · 100/wk Open console ›