CVE-2026-45502 MEDIUM

CVE-2026-45502: Microsoft Exchange Server Information Disclosure Vulnerability

Vendor Microsoft
Product Microsoft Exchange Server 2016 Cumulative Update 23
Weakness CWE-918 · SSRF
Published June 9, 2026
Last update June 15, 2026
View on NVD All CVEs

CVSS base score

5.0/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C

What the vulnerability does

01Description

Server-side request forgery (ssrf) in Microsoft Exchange Server allows an authorized attacker to disclose information over a network.

Key dates

02Disclosure timeline

June 9, 2026 CVE published
June 15, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-48874 Ruijie Reyee OS Server-Side Request Forgery CVE-2025-22701 WordPress Traveler Layout Essential For Elementor plugin < 1.4 - Server Side Request Forgery (SSRF) vulnerability CVE-2025-7813 Event Manager, Events Calendar, Booking, Registrations and Tickets – Eventin <= 4.0.37 - Unauthenticated Server-Side Request Forgery CVE-2025-55007 Knowage vulnerable to server-side request forgery CVE-2021-47703 OpenBMCS Server Side Request Forgery (SSRF) via /php/query.php