Microsoft Exchange Online — known CVE vulnerabilities
Every CVE whose affected-product data names Microsoft Exchange Online, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (3)
CVE-2026-48582 — CVSS 9.6 (critical): Missing authorization in Microsoft Exchange Online allows an authorized attacker to elevate privileges over a network.
CVE-2026-48579 — CVSS 9.1 (critical): Improper authorization in Microsoft Exchange Online allows an unauthorized attacker to disclose information over a network.
CVE-2026-54998 — CVSS 8.8 (high): Incorrect authorization in Microsoft Exchange Online allows an authorized attacker to elevate privileges over a network.