Primary

Context

Microsoft Exchange Server Spoofing Vulnerability via Server-Side Request Forgery

Vulnerability

Patched

A server-side request forgery (SSRF) vulnerability has been identified in Microsoft Exchange Server. This vulnerability allows an authorized attacker to perform network spoofing. It affects multiple versions of Microsoft Exchange Server, including the 2019 Cumulative Updates 14 and 15, the 2016 Cumulative Update 23, and the Subscription Edition RTM.

Impact

Exploitation of this vulnerability could lead to unauthorized network spoofing.

Remediation

Users can download the security update for this vulnerability through the Microsoft Update Catalog. Instructions for downloading the security update are available on the Microsoft Exchange Server Security Update Guide page.

Added: Jun 9, 2026, 6:39 PM

Updated: Jun 9, 2026, 6:39 PM

Vulnerability Rating

Custom Algorithm

spread

6.4

impact

0.4

exploitability

4.8

remediation

7.7

relevance

9.4

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

6.4

impact

0.4

exploitability

4.8

remediation

7.7

relevance

9.4

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Microsoft Exchange Server Spoofing Vulnerability via Server-Side Request Forgery

Vulnerability

Impact

Remediation

Affected Products

Microsoft Exchange Server

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating