CVE-2026-48579: exchange online vulnerability

Improper authorization in Microsoft Exchange Online allows an unauthorized attacker to disclose information over a network.
CVE-2026-48579CVSS 9.1Windows

CVE-2026-48579: exchange online vulnerability

Improper authorization in Microsoft Exchange Online allows an unauthorized attacker to disclose information over a network.

CVSS
9.1 CRITICAL
EPSS
59.03%
Known exploited
not in KEV
Product
exchange online

What is known

Improper authorization in Microsoft Exchange Online allows an unauthorized attacker to disclose information over a network.

Sources