VDB

CVE-2026-45583

CVE-2026-45583 PUBLISHED CVSS 7.5 HIGH

Reported by microsoft · Published June 9, 2026

Improper control of generation of code ('code injection') in Microsoft Exchange Server allows an unauthorized attacker to execute code over a network.

Risk Scores

CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Affected Products

VendorProductVersions
MicrosoftMicrosoft Exchange Server 2016 Cumulative Update 2315.01.0.0
MicrosoftMicrosoft Exchange Server 2019 Cumulative Update 1415.02.0.0
MicrosoftMicrosoft Exchange Server 2019 Cumulative Update 1515.02.0.0
MicrosoftMicrosoft Exchange Server Subscription Edition RTM15.02.0.0
microsoftexchange_server_201615.01.0.0, 15.01.0.0, 15.01.0.0
MicrosoftMicrosoft Exchange Server 2016 Cumulative Update 2315.01.0.0, 15.01.0.0, 15.01.0.0
MicrosoftMicrosoft Exchange Server Subscription Edition RTM15.02.0.0, 15.02.0.0, 15.02.0.0
MicrosoftMicrosoft Exchange Server 2019 Cumulative Update 1515.02.0.0, 15.02.0.0, 15.02.0.0
microsoftexchange_server_201915.02.0.0, 15.02.0.0, 15.02.0.0
microsoftexchange_server_se15.02.0.0, 15.02.0.0, 15.02.0.0
MicrosoftMicrosoft Exchange Server 2019 Cumulative Update 1415.02.0.0, 15.02.0.0, 15.02.0.0

Timeline

  • Jun 9, 2026 CVE Published
  • Jun 10, 2026 Coalition ESS Score
  • Jun 10, 2026 Security Advisory
  • Jul 15, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›