// Alert

Microsoft 365 threat report

CVE-2026-45504 is a server-side request forgery (SSRF) vulnerability in Microsoft Exchange Server 2019 that allows authenticated low-privileged users to read arbitrary files via improper URL validation in the OneDriveProUtilities component. The flaw stems from unsafe handling of user-controlled input in WOPI (Web Application Open Platform Interface) URL processing, enabling attackers to chain the vulnerability through malicious attachment references to access sensitive files such as configuration data and credentials. A proof-of-concept exploit has been publicly released.

// Get alerts for Microsoft 365