CVE-2026-45504: Microsoft Exchange Server Elevation of Privilege Vulnerability
Server-side request forgery (SSRF) in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network.
Metrics
- CVSS v3.1: 8.8
- Severity: HIGH
- Fixed in: 15.01.2507.069
- Affected Products: 4
HarborGuard Analysis
Synopsis
Server-side request forgery (SSRF) in Microsoft Exchange Server allows an authenticated attacker to escalate their privileges over the network. The vulnerability is reachable remotely and requires only a low-privilege account; no victim interaction is needed. Successful exploitation gives the attacker high levels of read, write, and availability impact on the Exchange server. Patched-image rebuilds at the fix versions are available on HarborGuard for environments running an affected build.
HarborGuard Coverage
Detection is available across every HarborGuard environment: the CVE is ingested from upstream advisory feeds within minutes of publication and matched against customer images, including custom-built Exchange-derived images, in both registry scans and pipeline checks.
HarborGuard scores this CVE at 8.8 HIGH using the CVSS v3.1 vector and can weight findings against each customer organization's compliance policy to route alerts to the appropriate team inbox.
Patched-image rebuilds at versions 15.01.2507.069, 15.02.1544.041, 15.02.1748.046, and 15.02.2562.043 are available on HarborGuard for any environment running an affected build. For customers who opt into auto-remediation, HarborGuard performs the rebuild, runs a regression test suite, and opens a pull request against affected workloads automatically.
Exploit Conditions
- Network reachability: Required
  The attacker must reach the Exchange Server service over the network; AV:N means no local or physical access is needed.
- Authentication: Required
  A valid low-privilege account on the Exchange Server is sufficient; PR:L means anonymous access alone does not satisfy this requirement.
- Victim interaction: Not required
  The attacker does not need any user or administrator to click a link or take any action; UI:N means exploitation is fully attacker-driven.
- Attack complexity: Low (AC:L)
  AC:L indicates the exploit is reliable and condition-free, requiring no race conditions, special memory layout, or environmental prerequisites.
Blast Radius
- A successful attacker reads sensitive Exchange data, including stored emails, configuration secrets, and authentication material.
- The attacker writes to or modifies Exchange data, including mailbox contents, transport rules, and server configuration.
- The attacker can disrupt Exchange service availability, causing mail flow outages for affected users.
- Because all three impact dimensions (confidentiality, integrity, availability) are rated HIGH, a single exploited instance provides full operational control over the affected Exchange server.
How HarborGuard Handles This
Available on HarborGuard: detection fires within minutes of advisory ingestion for any customer image found running an affected Exchange build (2016 CU23 before 15.01.2507.069, or 2019 CU14/CU15/SE RTM before their respective fix builds). Where compliance policy permits, the triage finding is routed automatically to the relevant team based on org-level policy weighting. For customers who opt into auto-remediation, HarborGuard rebuilds the image at the appropriate fix version, runs a regression test pass, and opens a pull request against affected workloads; median time from CVE publication to merged patch PR for high-severity issues is around 90 minutes for environments with auto-remediation enabled. Customers who manage patching manually will find the fixed build references (15.01.2507.069, 15.02.1544.041, 15.02.1748.046, 15.02.2562.043) surfaced directly in the HarborGuard finding detail for each affected image.
Fix available
- Microsoft / Microsoft Exchange Server 2016 Cumulative Update 23: affected < 15.01.2507.069 (from 15.01.0.0)
- Microsoft / Microsoft Exchange Server 2019 Cumulative Update 14: affected < 15.02.1544.041 (from 15.02.0.0)
- Microsoft / Microsoft Exchange Server 2019 Cumulative Update 15: affected < 15.02.1748.046 (from 15.02.0.0)
- Microsoft / Microsoft Exchange Server Subscription Edition RTM: affected < 15.02.2562.043 (from 15.02.0.0)
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
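For teams patching manually, the fix table above is easiest to apply as a script over an inventory of reported Exchange build numbers. The following is an added example (not HarborGuard's scanner and not part of the advisory). It assumes that all builds of one Cumulative Update share the first three components of their version number (for example, every Exchange 2019 CU14 build is 15.02.1544.x), which is how Exchange builds are numbered; it therefore identifies the CU from that prefix and compares only the last component against the listed fix build. This matters because the three Exchange 2019/SE ranges in the table all start at 15.02.0.0 and overlap, so a naive "is the build inside any range" check would wrongly flag a fully patched CU14 server (15.02.1544.041) as affected under the CU15 entry. The host names and builds in the inventory are constructed sample values.

```python
"""Affected-build check for CVE-2026-45504 against the fix builds listed
in this advisory's "Fix available" section.

Added example. Assumption: a Cumulative Update's builds share the first
three version components, so the CU is identified by prefix match.
"""
from typing import NamedTuple, Optional, Tuple

Build = Tuple[int, int, int, int]


def parse_build(s: str) -> Build:
    """'15.01.2507.069' -> (15, 1, 2507, 69); leading zeros are cosmetic."""
    parts = s.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"malformed Exchange build: {s!r}")
    return (int(parts[0]), int(parts[1]), int(parts[2]), int(parts[3]))


class FixEntry(NamedTuple):
    product: str
    fixed_build: str  # exactly as printed in the advisory


# Fix builds copied from the advisory's "Fix available" list.
FIXES = [
    FixEntry("Exchange Server 2016 CU23", "15.01.2507.069"),
    FixEntry("Exchange Server 2019 CU14", "15.02.1544.041"),
    FixEntry("Exchange Server 2019 CU15", "15.02.1748.046"),
    FixEntry("Exchange Server SE RTM", "15.02.2562.043"),
]


class Verdict(NamedTuple):
    status: str                 # "affected", "fixed" or "unlisted"
    product: Optional[str]
    fixed_build: Optional[str]


def assess(build_str: str) -> Verdict:
    """Classify one reported build against the advisory's fix table."""
    build = parse_build(build_str)
    for entry in FIXES:
        fixed = parse_build(entry.fixed_build)
        if build[:3] == fixed[:3]:          # same CU family (assumption, see lead-in)
            if build[3] < fixed[3]:
                return Verdict("affected", entry.product, entry.fixed_build)
            return Verdict("fixed", entry.product, entry.fixed_build)
    # A CU family not in the table (an out-of-support CU, or one released after
    # this advisory) has no listed fix build and needs manual review.
    return Verdict("unlisted", None, None)


def summarize(inventory: dict) -> dict:
    """host -> Verdict for a whole inventory; malformed builds are reported as such."""
    out = {}
    for host, build in inventory.items():
        try:
            out[host] = assess(build)
        except ValueError:
            out[host] = Verdict("malformed", None, None)
    return out


if __name__ == "__main__":
    # Constructed sample inventory (host names and builds are illustrative).
    INVENTORY = {
        "mx-01": "15.01.2507.062",   # 2016 CU23 family, below the fix build
        "mx-02": "15.02.1544.041",   # 2019 CU14, exactly at the fix build
        "mx-03": "15.02.1748.050",   # 2019 CU15, above the fix build
        "mx-04": "15.02.2562.017",   # SE RTM family, below the fix build
        "mx-05": "15.02.1258.12",    # a CU family not listed in the advisory
        "mx-06": "15.2",             # truncated value from a bad inventory export
    }
    for host, verdict in summarize(INVENTORY).items():
        print(f"{host}  {INVENTORY[host]:16} {verdict.status:9} "
              f"{verdict.product or '-'}  fix={verdict.fixed_build or '-'}")
```

The "unlisted" verdict is deliberately not "safe": a build family absent from the table is either out of support or newer than the advisory, and in both cases the right action is to confirm the CU level rather than assume the host is unaffected.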