Microsoft Microsoft Exchange Online
2 CVEs affecting Microsoft Microsoft Exchange Online. Latest disclosed: 2026-06-04. Critical: 2, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-26137 | Critical | 9.9 | 2026-03-19 | Server-side request forgery (ssrf) in Microsoft Exchange allows an authorized attacker to elevate privileges over a network. |
CVE-2026-48579 | Critical | 9.1 | 2026-06-04 | Improper authorization in Microsoft Exchange Online allows an unauthorized attacker to disclose information over a network. |