VDB

CVE-2026-48579

CVE-2026-48579 PUBLISHED CVSS 9.1 CRITICAL

Reported by microsoft · Published June 4, 2026

Improper authorization in Microsoft Exchange Online allows an unauthorized attacker to disclose information over a network.

Risk Scores

CVSS 3.1
9.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C

Affected Products

VendorProductVersions
MicrosoftMicrosoft Exchange Online-
MicrosoftMicrosoft Exchange Online-, -, -
microsoftexchange_online-, -, -

Timeline

  • Jun 4, 2026 CVE Published
  • Jun 5, 2026 EPSS Score
  • Jun 5, 2026 Security Advisory
  • Jun 6, 2026 Coalition ESS Score
  • Jul 15, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›