Jun 2026: Microsoft Exchange Server Spoofing Vulnerability
CVE-2026-45500 Published on June 9, 2026

Microsoft Exchange Server Spoofing Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

Vendor Advisory NVD

Weakness Type

What is a XSS Vulnerability?

The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

CVE-2026-45500 has been classified to as a XSS vulnerability or weakness.

Products Associated with CVE-2026-45500

Want to know whenever a new CVE is published for Microsoft products? stack.watch will email you.

Microsoft Exchange Server 2019

Microsoft Exchange Server Se

Microsoft Exchange Server 2016

Affected Versions

Microsoft Exchange Server 2016 Cumulative Update 23:

Version 15.01.0.0 and below 15.01.2507.069 is affected.

Microsoft Exchange Server 2019 Cumulative Update 14:

Version 15.02.0.0 and below 15.02.1544.041 is affected.

Microsoft Exchange Server 2019 Cumulative Update 15:

Version 15.02.0.0 and below 15.02.1748.046 is affected.

Microsoft Exchange Server Subscription Edition RTM:

Version 15.02.0.0 and below 15.02.2562.043 is affected.

Jun 2026: Microsoft Exchange Server Spoofing VulnerabilityCVE-2026-45500 Published on June 9, 2026

Weakness Type

What is a XSS Vulnerability?

Products Associated with CVE-2026-45500

Affected Versions

Jun 2026: Microsoft Exchange Server Spoofing Vulnerability
CVE-2026-45500 Published on June 9, 2026