Skip to main content

Microsoft Exchange Server CVE-2026-55006

| EUVDEUVD-2026-44025 HIGH
Insufficient Granularity of Access Control (CWE-1220)
2026-07-14 microsoft GHSA-hxvf-rh49-68gj
7.8
CVSS 3.1 · Vendor: microsoft
Share

Severity by source

Vendor (microsoft) PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
ENISA EUVD
HIGH
qualitative
vuln.today AI
7.8 HIGH

Local privilege escalation from an existing low-privileged authenticated context (AV:L, PR:L, AC:L, UI:N) yielding full host compromise, so C/I/A all High with unchanged scope.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (microsoft).

CVSS VectorVendor: microsoft

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Jul 14, 2026 - 17:59 vuln.today
CVE Published
Jul 14, 2026 - 17:04 nvd
HIGH 7.8

DescriptionCVE.org

Insufficient granularity of access control in Microsoft Exchange Server allows an authorized attacker to elevate privileges locally.

AnalysisAI

Local privilege escalation in Microsoft Exchange Server (2016 CU23, 2019 CU14/CU15, and Subscription Edition RTM) allows an authenticated attacker with low-level privileges on the server to elevate to higher privileges due to insufficiently granular access controls (CWE-1220). The CVSS 3.1 score of 7.8 (AV:L/AC:L/PR:L) reflects local exploitation yielding full confidentiality, integrity, and availability impact. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain low-priv account on Exchange host
Delivery
Access coarse-grained authorization boundary
Exploit
Invoke higher-privileged operation
Execution
Elevate to elevated/system privileges
Impact
Full compromise of mail server

Vulnerability AssessmentAI

Exploitation Exploitation requires local access to the Exchange server host with an existing low-privilege authenticated context (CVSS PR:L, AV:L) and no user interaction (UI:N). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 vector (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, base 7.8) describes a locally exploitable, low-complexity escalation that requires the attacker to already hold some authenticated foothold (PR:L) but no user interaction, delivering full high impact on the host. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who has already obtained a low-privileged authenticated account or limited code execution on an Exchange server - for example via a compromised service account or a prior foothold - abuses the coarse access-control check to perform an operation reserved for a higher privilege level, escalating to full control of the mail server. Given AC:L this requires no special timing or race conditions. …
Remediation Apply the Microsoft security update for your build as documented in the vendor advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55006 - a patch is available per Microsoft for Exchange Server 2016 CU23, 2019 CU14/CU15, and Subscription Edition RTM. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours, identify all Microsoft Exchange Server instances in your environment and determine which are running 2016 CU23, 2019 CU14/CU15, or Subscription Edition RTM; assess criticality and data sensitivity of affected systems. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-55006 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy