CVE-2026-48582: exchange online vulnerability

Missing authorization in Microsoft Exchange Online allows an authorized attacker to elevate privileges over a network.
CVE-2026-48582CVSS 9.6Windows

CVE-2026-48582: exchange online vulnerability

Missing authorization in Microsoft Exchange Online allows an authorized attacker to elevate privileges over a network.

CVSS
9.6 CRITICAL
EPSS
30.93%
Known exploited
not in KEV
Product
exchange online

What is known

Missing authorization in Microsoft Exchange Online allows an authorized attacker to elevate privileges over a network.

Sources