Home
HIGH: 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 15.01.0.0 (custom) before 15.01.2507.071
affected
15.02.0.0 (custom) before 15.02.1544.043
affected
15.02.0.0 (custom) before 15.02.1748.048
affected
15.02.0.0 (custom) before 15.02.2562.045
affected
Description
Insufficient granularity of access control in Microsoft Exchange Server allows an authorized attacker to elevate privileges locally.
Problem types
CWE-1220: Insufficient Granularity of Access Control
Product status
References
msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55006 (Microsoft Exchange Server Elevation of Privilege Vulnerability)