// Microsoft 365HIGH
Public proof-of-concept exploit released for CVE-2026-45504, a server-side request forgery vulnerability in Microsoft Exchange Server 2016 and 2019 that enables privilege escalation via arbitrary file reads. The flaw allows authenticated attackers with low privileges to exfiltrate sensitive files, credentials, and configuration data from on-premises Exchange deployments. Microsoft released patches on June 9, 2026; unpatched systems face significant risk as functional exploit code is now publicly available.
- PoC Exploit Released for Microsoft Exchange Server Elevation of (opens in a new tab)
- CVE-2026-45504 Microsoft Exchange SSRF via File Read | HawkTrace(opens in a new tab)
- Exploit Released for Microsoft Exchange Vulnerability(opens in a new tab)
// Get alerts for Microsoft 365