Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Network-reachable service exploitable with a low-privilege authenticated account and no user interaction, yielding full code execution and thus high C/I/A on an unchanged scope.
Primary rating from Vendor (microsoft).
CVSS VectorVendor: microsoft
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
Heap-based buffer overflow in Microsoft Exchange Server allows an authorized attacker to execute code over a network.
AnalysisAI
Remote code execution in Microsoft Exchange Server (2016 CU23, 2019 CU14/CU15, and Subscription Edition RTM) lets an authenticated attacker corrupt heap memory to run arbitrary code across the network. The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N) shows low-privilege network exploitation with full confidentiality, integrity, and availability impact, and Microsoft has released a patch. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires the attacker to hold valid low-privilege authentication to the Exchange Server (CVSS PR:L), reachable over the network (AV:N), with no user interaction needed (UI:N) and low attack complexity (AC:L). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS base score of 8.8 (High) reflects a network attack vector, low attack complexity, no user interaction, and only low privileges required, with high impact to all three security properties - a genuinely serious combination for an internet-adjacent mail server. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who has obtained or been granted a low-privilege Exchange mailbox account sends a crafted request to a network-facing Exchange service, triggering the heap-based buffer overflow and executing code in the server's context. Because no user interaction is required and attack complexity is low, a single authenticated session is sufficient; no public POC is currently identified, so a working exploit would need to be developed. |
| Remediation | Apply the Microsoft security update for CVE-2026-55005 as published in the MSRC advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55005 (Patch available per vendor advisory); install the corresponding fixed cumulative-update or security-update package for your specific build - Exchange 2016 CU23, Exchange 2019 CU14 or CU15, or Exchange Server Subscription Edition RTM. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours, identify and inventory all Exchange Server instances across your environment, prioritizing those running the affected versions (2016 CU23, 2019 CU14/CU15, SE RTM). …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Cross-site scripting (XSS) in Microsoft Exchange Server enables remote attackers to spoof content and steal credentials
Stored/reflected cross-site scripting in Microsoft Exchange Server (2016 CU23, 2019 CU14/CU15, and Subscription Edition
Local privilege escalation in Microsoft Exchange Server (2016 CU23, 2019 CU14/CU15, and Subscription Edition RTM) allows
Local privilege escalation in Microsoft Exchange Server (2016 CU23, 2019 CU14/CU15, and Subscription Edition RTM) allows
Same weakness CWE-122 – Heap-based Buffer Overflow
View allSame technique Heap Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-44024
GHSA-6m3r-w7v9-p35g