CVE Catalog
CVE-2026-48582
CriticalCVSS 9.6Exploitation Probability (EPSS)
Low risk0.40%
32th percentile — higher than 32% of all known CVEs
Summary
Missing authorization in Microsoft Exchange Online allows an authorized attacker to elevate privileges over a network.
Risk Assessment
An attacker with valid permissions may gain access to resources they should not have access to, potentially leading to serious security breaches.
Recommendation
It is recommended to review and strengthen authorization mechanisms in Microsoft Exchange Online to prevent unauthorized privilege escalation.
Original NVD description (English source)
Missing authorization in Microsoft Exchange Online allows an authorized attacker to elevate privileges over a network.

