3 matches found
CVE-2026-48582
This CVE affects Microsoft Exchange Online. Missing authorization could allow an attacker with low privileges and network access (no user interaction) to elevate privileges (impact: high confidentiality and integrity, no availability impact) per CVSS 3.1: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N, base...
CVE-2026-54998
CVE-2026-54998 describes an incorrect authorization in Microsoft Exchange Online that enables an authorized attacker to elevate privileges over a network. This vulnerability impacts Exchange Online’s authorization checks, allowing escalation of access from an existing authorized state. The CVSS 3...
CVE-2026-48579
CVE-2026-48579 affects Microsoft Exchange Online and represents an information disclosure vulnerability due to improper authorization. The available data indicate an unauthenticated attacker could disclose information over the network, with a CVSS 3.1 base score of 9.1 (CRITICAL) and impact limit...