CVE-2026-48582NVD

Missing authorization in Microsoft Exchange Online allows an authorized attacker to elevate privileges over a network.

Severity Level

CRITICAL(9.6)

Published Date

Jun 19, 2026

Last Modified

Jun 19, 2026

Exploitation Status

No confirmed exploitation yet

EPSS Score (30-Day)

Data Pending

Root Weakness (CWE)

The software does not perform an authorization check when an actor attempts to access a resource or perform an action.

CVSS v3.1 Base Metrics

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredLow

User InteractionNone

ScopeChanged

ConfidentialityHigh

IntegrityHigh

AvailabilityNone