Zero Day MonitorZDM
DashboardVulnerabilitiesTrendingZero-DaysNewsAbout
Login
ImpressumPrivacy Policy
Zero Day Monitor © 2026
3226 articles · 170368 vulns · 37/41 feeds (7d)
← Back to list
8.8
CVE-2026-54998PATCHED
microsoft · microsoft exchange online

Microsoft Exchange Online Elevation of Privilege Vulnerability

Description

Incorrect authorization in Microsoft Exchange Online allows an authorized attacker to elevate privileges over a network.

Affected Products

VendorProductVersions
microsoftmicrosoft exchange online-

Also Affects

Downstream vendors/products affected by this vulnerability

VendorProductSourceConfidence
microsoftexchangecert_advisory90%

References

  • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-54998(vendor-advisory, patch)

Related News (3 articles)

Tier B
BSI Advisories10h ago
[NEU] [hoch] Microsoft Exchange Online: Schwachstelle ermöglicht Privilegieneskalation
→ No new info (linked only)
Tier C
VulDB16h ago
CVE-2026-54998 | Microsoft Exchange Online authorization
→ No new info (linked only)
Tier A
Microsoft MSRC1d ago
CVE-2026-54998 Microsoft Exchange Online Elevation of Privilege Vulnerability
→ No new info (linked only)
CVSS 3.18.8 CRITICAL
VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
CISA KEV❌ No
Actively exploited❌ No
Patch available
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-54998
CWECWE-863
PublishedJul 2, 2026
Last enriched16h agov2
Tags
managed service
Trending Score44
Source articles3
Independent3
Info Completeness9/14
Missing: epss, kev, exploit, iocs, mitre_attack

Community Vote

0
Login to vote
0 upvotes0 downvotes
No votes yet

Related CVEs (5)

HIGHCVE-2026-33825EXPKEV
Microsoft Defender Elevation of Privilege Vulnerability
Trending: 134
HIGHCVE-2026-45659EXPKEV
Microsoft SharePoint Remote Code Execution Vulnerability
Trending: 129
HIGHCVE-2026-50521EXP
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Trending: 53
CRITICALCVE-2026-58289EXP
Trending: 48
HIGHCVE-2026-58297EXP
Trending: 45

Pin to Dashboard

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

CVE Published
Jul 2, 2026
Patch Available
Jul 2, 2026
Discovered by ZDM
Jul 2, 2026
Updated: severity, tags
Jul 3, 2026

Version History

v2
Last enriched 16h ago
v2Tier C16h ago

Updated severity to CRITICAL, noted no exploit available, and added 'managed service' tag.

severitytags
via VulDB
v122h ago

Initial creation