VDB

CVE-2026-45503

CVE-2026-45503 PUBLISHED CVSS 8.1 HIGH

Reported by microsoft · Published June 9, 2026

Improper authorization in Microsoft Exchange Server allows an authorized attacker to disclose information over a network.

Risk Scores

CVSS 3.1
8.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C

Affected Products

VendorProductVersions
MicrosoftMicrosoft Exchange Server 2016 Cumulative Update 2315.01.0.0
MicrosoftMicrosoft Exchange Server 2019 Cumulative Update 1415.02.0.0
MicrosoftMicrosoft Exchange Server 2019 Cumulative Update 1515.02.0.0
MicrosoftMicrosoft Exchange Server Subscription Edition RTM15.02.0.0
microsoftexchange_server_se15.02.0.0, 15.02.0.0, 15.02.0.0
MicrosoftMicrosoft Exchange Server Subscription Edition RTM15.02.0.0, 15.02.0.0, 15.02.0.0
MicrosoftMicrosoft Exchange Server 2019 Cumulative Update 1515.02.0.0, 15.02.0.0, 15.02.0.0
MicrosoftMicrosoft Exchange Server 2019 Cumulative Update 1415.02.0.0, 15.02.0.0, 15.02.0.0
microsoftexchange_server_201915.02.0.0, 15.02.0.0, 15.02.0.0
MicrosoftMicrosoft Exchange Server 2016 Cumulative Update 2315.01.0.0, 15.01.0.0, 15.01.0.0
microsoftexchange_server_201615.01.0.0, 15.01.0.0, 15.01.0.0

Timeline

  • Jun 9, 2026 CVE Published
  • Jun 10, 2026 Coalition ESS Score
  • Jun 10, 2026 Security Advisory
  • Jul 9, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›