VDB
CVE-2026-45504
CVE-2026-45504
PUBLISHED
CVSS 8.800000190734863 HIGH
A specifically crafted attachment, with the ProviderEndpointUrl field pointing towards a malicious infrastructure is used for SSRF. When the attachment is opened, the Exchange Server sends a request to the malicious server which returns a modified URI containing the path to the desired file. An oversight in the processing logic causes the server to return the requested files to the attacker without validation. The root cause of the vulnerability is the lack of validation of values returned by WOPU providers, causing the server to respond to any request without additional checks.
EPSS 0.47% · 36.9th percentile
Risk Scores
CVSS 3.1
8.800000190734863
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
0.47%
36.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Microsoft Exchange Server Subscription Edition RTM (Build: 15.02.2562.043) | |
| Microsoft | Microsoft Exchange Server 2016 | |
| Microsoft | Microsoft Exchange Server 2019 |
Timeline
- Jun 9, 2026 CVE Published
- Jun 10, 2026 Coalition ESS Score
- Jun 10, 2026 Security Advisory
- Jun 15, 2026 Security Advisory
- Jun 15, 2026 CVE Updated
- Jun 30, 2026 EPSS Score
References
- https://ccb.belgium.be/advisories/warning-privilege-escalation-vulnerability-exchange-server-2016-2019-and-subscription advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45504 vendor
- https://nvd.nist.gov/vuln/detail/CVE-2026-45504 technical
- https://hawktrace.com/blog/CVE-2026-45504/ technical