Zero Day MonitorZDM
DashboardVulnerabilitiesTrendingZero-DaysNewsAbout
Login
ImpressumPrivacy Policy
Zero Day Monitor © 2026
3258 articles · 170413 vulns · 37/41 feeds (7d)
← Back to list
8.8
CVE-2026-54998PATCHED
microsoft · microsoft exchange online

Microsoft Exchange Online Elevation of Privilege Vulnerability

Description

Incorrect authorization in Microsoft Exchange Online allows an authorized attacker to elevate privileges over a network.

Affected Products

VendorProductVersions
microsoftmicrosoft exchange online-

Also Affects

Downstream vendors/products affected by this vulnerability

VendorProductSourceConfidence
microsoftexchangecert_advisory90%

References

  • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-54998(vendor-advisory, patch)

Related News (3 articles)

Tier B
BSI Advisories11h ago
[NEU] [hoch] Microsoft Exchange Online: Schwachstelle ermöglicht Privilegieneskalation
→ No new info (linked only)
Tier C
VulDB18h ago
CVE-2026-54998 | Microsoft Exchange Online authorization
→ No new info (linked only)
Tier A
Microsoft MSRC1d ago
CVE-2026-54998 Microsoft Exchange Online Elevation of Privilege Vulnerability
→ No new info (linked only)
CVSS 3.18.8 HIGH
VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
CISA KEV❌ No
Actively exploited❌ No
Patch available
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-54998
CWECWE-863
PublishedJul 2, 2026
Last enriched17h agov2
Tags
managed service
Trending Score41
Source articles3
Independent3
Info Completeness9/14
Missing: epss, kev, exploit, iocs, mitre_attack

Community Vote

0
Login to vote
0 upvotes0 downvotes
No votes yet

Related CVEs (5)

HIGHCVE-2026-33825EXPKEV
Microsoft Defender Elevation of Privilege Vulnerability
Trending: 133
HIGHCVE-2026-45659EXPKEV
Microsoft SharePoint Remote Code Execution Vulnerability
Trending: 128
HIGHCVE-2026-58287EXP
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Trending: 57
HIGHCVE-2026-58284EXP
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Trending: 57
HIGHCVE-2026-50521EXP
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Trending: 53

Pin to Dashboard

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

CVE Published
Jul 2, 2026
Discovered by ZDM
Jul 2, 2026
Updated: severity, tags
Jul 3, 2026
Patch Available
Jul 3, 2026

Version History

v2
Last enriched 17h ago
v2Tier C17h ago

Updated severity to CRITICAL, noted no exploit available, and added 'managed service' tag.

severitytags
via VulDB
v11d ago

Initial creation