The content details a newly discovered Microsoft Exchange vulnerability (CVE-2026-45504) that allows low-privileged users to read arbitrary files on an Exchange server. The vulnerability, discovered by HawkTrace, has a CVSS score of 8.8, indicating high severity. It affects multiple versions of Microsoft Exchange, particularly server versions 2016 CU23 and 2019 CU14/CU15.
Microsoft has issued patches for the vulnerability, which can be exploited through incorrect handling of URLs when integrating with SharePoint. Users are urged to apply these updates immediately because exploit code is now public, raising concerns about potential attacks.