Skip to main content

Exchange Online

1 CVEs product

Monthly

CVE-2026-48582 CRITICAL PATCH NO ACTION HOSTED Monitor

Privilege escalation in Microsoft Exchange Online allows an authenticated remote attacker to elevate privileges across a tenant or organizational boundary due to missing authorization checks. The flaw carries a CVSS 3.1 score of 9.6 with scope change, indicating impact beyond the initially authorized security context, though no public exploit identified at time of analysis. As a cloud-hosted service, mitigation is largely Microsoft-managed rather than a customer-applied patch.

Authentication Bypass Microsoft Exchange Online
NVD VulDB
CVSS 3.1
9.6
EPSS
0.4%
EPSS 0% CVSS 9.6
CRITICAL PATCH NO ACTION HOSTED Monitor

Privilege escalation in Microsoft Exchange Online allows an authenticated remote attacker to elevate privileges across a tenant or organizational boundary due to missing authorization checks. The flaw carries a CVSS 3.1 score of 9.6 with scope change, indicating impact beyond the initially authorized security context, though no public exploit identified at time of analysis. As a cloud-hosted service, mitigation is largely Microsoft-managed rather than a customer-applied patch.

Authentication Bypass Microsoft Exchange Online
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy