CVE Catalog

CVE-2026-45501

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.31%

23th percentile - higher than 23% of all known CVEs

Summary

A Server-Side Request Forgery (SSRF) vulnerability in Microsoft Exchange Server allows an authorized attacker to perform spoofing over a network. This flaw can be exploited to send unauthorized requests to internal network resources.

Risk Assessment

The risk involves potential privilege escalation and access to sensitive internal data through server request manipulation. An attacker can impersonate other systems, leading to network confidentiality and integrity breaches.

Recommendation

Immediately apply security patches provided by Microsoft for Exchange Server. Additionally, restrict trust in network requests and monitor traffic for suspicious SSRF patterns.

Original NVD description (English source)

Server-side request forgery (ssrf) in Microsoft Exchange Server allows an authorized attacker to perform spoofing over a network.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS