Privilege Elevation Vulnerability in Microsoft Exchange Online
CVE-2026-48582

9.6CRITICAL

Key Information:

Vendor: Microsoft
Status: Microsoft Exchange Online
Vendor: CVE Published:; 19 June 2026

What is CVE-2026-48582?

An authorization flaw in Microsoft Exchange Online allows an authorized user to elevate their privileges, potentially leading to unauthorized access and data manipulation across the network. This vulnerability underscores the importance of robust permission checks within software applications to mitigate risks associated with unauthorized privilege escalation.

Affected Version(s)

Microsoft Exchange Online -

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisorypatch

CVSS V3.1

Score:

9.6

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 19, 2026
Vulnerability Reserved
May 21, 2026

CVE-2026-48582 Data

JSON