securityonline.info 7/3/2026, 1:32:25 AM · external

CVE-2026-45504: Exchange flaw lets low-priv users read files

CVE-2026-45504: Exchange flaw lets low-priv users read files
CyberSIXT Evidence Panel
Primary Source msrc.microsoft.com
CVE Intel
CISA KEV Not in KEV
Patch Patch Available

THE content details a newly discovered Microsoft Exchange vulnerability (CVE-2026-45504) that allows low-privileged users to read arbitrary files on an Exchange server. This vulnerability, discovered by HawkTrace, has a CVSS score of 8.8, indicating a high severity level. It affects multiple versions of Microsoft Exchange, particularly server versions 2016 CU23 and 2019 CU14/CU15.

Microsoft has issued patches to mitigate the exploit, which can occur through incorrect handling of URLs when integrating with SharePoint. Users are urged to apply these updates immediately as exploit code is now public, raising concerns about potential attacks.

View Primary Source Via securityonline.info

Article by CyberSIXT