Live Cybersecurity News Ticker | Codekeeper

Microsoft Exchange SSRF Vulnerability Exposed — PoC Exploit Now Public

Written by Content Team | Jul 4, 2026 12:22:00 PM

Security researchers at HawkTrace have disclosed a high-severity SSRF vulnerability in Microsoft Exchange, tracked as CVE-2026-45504 with a CVSS score of 8.8. The flaw lets authenticated low-privileged users read arbitrary files from on-premises Exchange servers — think credentials, config files, and internal service data.

The attack exploits how Exchange handles attachment previews via its OneDriveProUtilities component, passing user-controlled URLs into HTTP requests without proper validation. A simple file:// URI with a fragment character (#) bypasses protections entirely.

A working PoC is now live on GitHub, making patching urgent. Organizations should apply Microsoft's updates and block Exchange from reaching untrusted external endpoints immediately.
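For teams that run their own server-side URL fetchers, here is the kind of validation the flaw description says was missing, as an added example (not Microsoft's or HawkTrace's code). It parses the URL first and then allow-lists scheme, host and port; the host name, function name and sample URLs are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: the only hosts a preview fetcher may contact (constructed name).
ALLOWED_HOSTS = {"files.contoso.example"}


def check_preview_url(url):
    """Return (ok, reason) for a user-supplied attachment-preview URL."""
    # Reject characters that different URL parsers treat differently.
    if "\\" in url or any(c.isspace() or ord(c) < 0x20 for c in url):
        return False, "whitespace, control character or backslash"
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False, "unparseable URL"
    # Decide on the parsed scheme, never on a prefix or suffix of the raw string.
    if parts.scheme != "https":
        return False, "scheme not allowed: %r" % parts.scheme
    if parts.username is not None or parts.password is not None:
        return False, "userinfo not allowed"
    # A fragment is never sent to the server, so a fetch URL has no use for one.
    if "#" in url:
        return False, "fragment not allowed"
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return False, "missing host"
    try:
        ipaddress.ip_address(host)
        return False, "IP literal not allowed"
    except ValueError:
        pass  # not an IP literal, continue with the name check
    if port not in (None, 443):
        return False, "port not allowed"
    if host not in ALLOWED_HOSTS:
        return False, "host not on allow-list"
    return True, "ok"


if __name__ == "__main__":
    for sample in ("https://files.contoso.example/report.docx",
                   "file:///C:/constructed/path.txt#.docx",
                   "https://files.contoso.example@internal.example/x",
                   "https://[::1]/x"):
        print(sample, "->", check_preview_url(sample))
```

String-level validation does not replace the network-level mitigation: egress filtering on the server still applies if a check like this is bypassed or a redirect is followed.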

Source: Cybersecurity News