CVE-2026-45501: Microsoft Exchange Server Spoofing Vulnerability
Overview
- Severity
- Medium (CVSS 6.5)
- CVSS Vector
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
- Category
- Spoofing
- Exploit Status
- Not Exploited
- Exploitation Likelihood
- Less Likely
- Patch Tuesday
- 2026-Jun
- Released
- 2026-06-09
Description
Server-side request forgery (ssrf) in Microsoft Exchange Server allows an authorized attacker to perform spoofing over a network.
Affected Products (4)
Server Software
- Microsoft Exchange Server Subscription Edition RTM
ESU
- Microsoft Exchange Server 2016 Cumulative Update 23
- Microsoft Exchange Server 2019 Cumulative Update 15
- Microsoft Exchange Server 2019 Cumulative Update 14
Security Updates (1)
Acknowledgments
MARIOS GYFTOS, <a href="https://smlijun.github.io/">DongJun Kim (smlijun)</a> with UIUC, Hwiwon Lee (hwiwonl) with UIUC, Jongseong Kim (nevul37) with UIUC, <a href="https://www.linkedin.com/in/talha--gunay/">TALHA GÜNAY</a>, Younggi Park (grill66) with UIUC, <a href="https://www.linkedin.com/in/artemy-tsetsersky/">Artemy Tsetsersky</a> with <a href="https://www.angarasecurity.ru/">Angara Security</a>
Revision History
- 2026-06-09: Information published.