CVE Catalog

CVE-2026-48582

CriticalCVSS 9.6
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.40%

32th percentile — higher than 32% of all known CVEs

Summary

Missing authorization in Microsoft Exchange Online allows an authorized attacker to elevate privileges over a network.

Risk Assessment

An attacker with valid permissions may gain access to resources they should not have access to, potentially leading to serious security breaches.

Recommendation

It is recommended to review and strengthen authorization mechanisms in Microsoft Exchange Online to prevent unauthorized privilege escalation.

Original NVD description (English source)

Missing authorization in Microsoft Exchange Online allows an authorized attacker to elevate privileges over a network.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS