Home
HIGH: 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 15.01.0.0 (custom) before 15.01.2507.071
affected
15.02.0.0 (custom) before 15.02.1544.043
affected
15.02.0.0 (custom) before 15.02.1748.048
affected
15.02.0.0 (custom) before 15.02.2562.045
affected
Description
Deserialization of untrusted data in Microsoft Exchange Server allows an authorized attacker to elevate privileges locally.
Problem types
CWE-502: Deserialization of Untrusted Data
Product status
References
msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55009 (Microsoft Exchange Server Elevation of Privilege Vulnerability)