Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Local privilege escalation from an existing low-privileged authenticated context (AV:L, PR:L, AC:L, UI:N) yielding full host compromise, so C/I/A all High with unchanged scope.
Primary rating from Vendor (microsoft).
CVSS VectorVendor: microsoft
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
Insufficient granularity of access control in Microsoft Exchange Server allows an authorized attacker to elevate privileges locally.
AnalysisAI
Local privilege escalation in Microsoft Exchange Server (2016 CU23, 2019 CU14/CU15, and Subscription Edition RTM) allows an authenticated attacker with low-level privileges on the server to elevate to higher privileges due to insufficiently granular access controls (CWE-1220). The CVSS 3.1 score of 7.8 (AV:L/AC:L/PR:L) reflects local exploitation yielding full confidentiality, integrity, and availability impact. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires local access to the Exchange server host with an existing low-privilege authenticated context (CVSS PR:L, AV:L) and no user interaction (UI:N). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 vector (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, base 7.8) describes a locally exploitable, low-complexity escalation that requires the attacker to already hold some authenticated foothold (PR:L) but no user interaction, delivering full high impact on the host. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who has already obtained a low-privileged authenticated account or limited code execution on an Exchange server - for example via a compromised service account or a prior foothold - abuses the coarse access-control check to perform an operation reserved for a higher privilege level, escalating to full control of the mail server. Given AC:L this requires no special timing or race conditions. … |
| Remediation | Apply the Microsoft security update for your build as documented in the vendor advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55006 - a patch is available per Microsoft for Exchange Server 2016 CU23, 2019 CU14/CU15, and Subscription Edition RTM. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours, identify all Microsoft Exchange Server instances in your environment and determine which are running 2016 CU23, 2019 CU14/CU15, or Subscription Edition RTM; assess criticality and data sensitivity of affected systems. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Cross-site scripting (XSS) in Microsoft Exchange Server enables remote attackers to spoof content and steal credentials
Stored/reflected cross-site scripting in Microsoft Exchange Server (2016 CU23, 2019 CU14/CU15, and Subscription Edition
Remote code execution in Microsoft Exchange Server (2016 CU23, 2019 CU14/CU15, and Subscription Edition RTM) lets an aut
Local privilege escalation in Microsoft Exchange Server (2016 CU23, 2019 CU14/CU15, and Subscription Edition RTM) allows
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-44025
GHSA-hxvf-rh49-68gj