Microsoft Exchange Online Information Disclosure (CVE-2026-48579): Unauthorized Access to Email and Collaboration Data

An improper authorization vulnerability in Microsoft Exchange Online, tracked as CVE-2026-48579, allows an unauthorised attacker to disclose information over a network. The vulnerability carries a CVSS score of 9.1 and affects Microsoft’s cloud-hosted email and collaboration platform used by millions of organisations worldwide.

What Is the Vulnerability?

CVE-2026-48579 is an improper authorization vulnerability in Exchange Online. The flaw allows an attacker who should not have access to certain information to bypass authorization controls and disclose data. Exchange Online processes sensitive corporate communications including emails, attachments, calendar entries, contacts, and meeting details — unauthorised information disclosure at this layer can expose confidential business communications, intellectual property, financial data, and personal information.

Dutch security media has additionally reported critical vulnerabilities in Exchange Online and Microsoft Copilot that enabled data theft, indicating a broader pattern of authorization flaws in Microsoft 365 services that may be related.

  • CVSS v3.1 Score: 9.1 (Critical)
  • CWE: CWE-285 (Improper Authorization)
  • Attack Vector: Network (AV:N)
  • Privileges Required: None (PR:N)

Which Versions Are Affected?

Microsoft Exchange Online — Microsoft’s cloud-hosted email service. On-premises Exchange deployments should check the Microsoft advisory for applicability.

Is It Being Exploited in the Wild?

No active exploitation has been publicly confirmed at the time of writing. However, the CVSS 9.1 score on a platform that holds the most sensitive organisational communications makes proactive verification essential.

What Is the Fix?

Because Exchange Online is a cloud service, Microsoft applies the fix on the service side rather than through a customer-installed update. Verify through the Microsoft 365 admin center or Azure support that your tenant is protected. The advisory is at:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48579

Recommendations

Verify Exchange Online update status. Microsoft applies cloud-side patches automatically, but verify with your Microsoft 365 administrator that the fix has been applied.

Review Exchange Online audit logs. Check the Microsoft 365 Unified Audit Log for unusual mailbox access patterns, unexpected administrative actions, or data export operations during the vulnerable window.
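To make that audit-log review concrete, the following is an added example in Python (not from the advisory and not Microsoft's own tooling) that triages Unified Audit Log records once they have been exported as JSON, for instance from the AuditData field that the Search-UnifiedAuditLog cmdlet returns. It scopes records to the vulnerable window, then flags non-owner mailbox reads (MailItemsAccessed where the acting user is not the mailbox owner), mailbox-permission and rule changes, and actors whose item-access volume is unusually high. The sample records, the window dates, the volume threshold and the list of "sensitive" administrative operations are all constructed assumptions to be tuned for your tenant; the field and operation names are the ones Exchange Online audit records use.

```python
"""Triage of Microsoft 365 Unified Audit Log (UAL) records for the
post-CVE-2026-48579 review. Added example, not the advisory's own code.

Assumptions: records are a JSON array of AuditData objects as returned by
Search-UnifiedAuditLog; CreationTime is UTC without a zone suffix.
"""
import json
from collections import Counter
from datetime import datetime, timezone

# Constructed sample records (not real telemetry). Record 1 is owner access,
# record 2 is a delegate reading another user's mailbox, record 3 is the
# permission grant that enabled it, record 4 is outside the review window.
SAMPLE_RECORDS_JSON = """
[
 {"CreationTime": "2026-06-02T08:10:00", "RecordType": 2, "Operation": "MailItemsAccessed",
  "Workload": "Exchange", "UserId": "alice@contoso.example",
  "MailboxOwnerUPN": "alice@contoso.example", "LogonType": 0,
  "ClientIPAddress": "203.0.113.10", "OperationCount": 12},
 {"CreationTime": "2026-06-02T08:25:00", "RecordType": 2, "Operation": "MailItemsAccessed",
  "Workload": "Exchange", "UserId": "bob@contoso.example",
  "MailboxOwnerUPN": "alice@contoso.example", "LogonType": 2,
  "ClientIPAddress": "198.51.100.7", "OperationCount": 240},
 {"CreationTime": "2026-06-02T09:00:00", "RecordType": 1, "Operation": "Add-MailboxPermission",
  "Workload": "Exchange", "UserId": "admin@contoso.example",
  "Parameters": [{"Name": "Identity", "Value": "alice@contoso.example"},
                 {"Name": "User", "Value": "bob@contoso.example"},
                 {"Name": "AccessRights", "Value": "FullAccess"}]},
 {"CreationTime": "2026-05-20T11:00:00", "RecordType": 2, "Operation": "MailItemsAccessed",
  "Workload": "Exchange", "UserId": "bob@contoso.example",
  "MailboxOwnerUPN": "carol@contoso.example", "LogonType": 2,
  "ClientIPAddress": "198.51.100.7", "OperationCount": 300}
]
"""

# Assumed starting list of administrative operations worth reviewing; extend for your tenant.
SENSITIVE_ADMIN_OPS = {"Add-MailboxPermission", "Set-Mailbox", "New-InboxRule", "Set-InboxRule"}

# Constructed review window (the "vulnerable window" for this tenant is an assumption here).
WINDOW_START = datetime(2026, 6, 1, tzinfo=timezone.utc)
WINDOW_END = datetime(2026, 6, 5, 23, 59, 59, tzinfo=timezone.utc)


def creation_time(rec):
    """UAL CreationTime is ISO 8601 in UTC without a trailing 'Z'."""
    return datetime.fromisoformat(rec["CreationTime"]).replace(tzinfo=timezone.utc)


def in_window(records, start, end):
    return [r for r in records if start <= creation_time(r) <= end]


def non_owner_access(records):
    """MailItemsAccessed events where the actor is not the mailbox owner.
    LogonType 1 = admin, 2 = delegate; owner access (LogonType 0) is not listed."""
    hits = []
    for r in records:
        if r.get("Operation") != "MailItemsAccessed":
            continue
        owner = r.get("MailboxOwnerUPN", "").lower()
        actor = r.get("UserId", "").lower()
        if owner and actor != owner:
            hits.append({"time": r["CreationTime"], "actor": actor, "mailbox": owner,
                         "logon_type": r.get("LogonType"), "ip": r.get("ClientIPAddress"),
                         "items": int(r.get("OperationCount", 1))})
    return hits


def admin_changes(records, ops=SENSITIVE_ADMIN_OPS):
    """Administrative operations from the watch list, with their cmdlet parameters flattened."""
    hits = []
    for r in records:
        if r.get("Operation") in ops:
            params = {p["Name"]: p["Value"] for p in r.get("Parameters", [])}
            hits.append({"time": r["CreationTime"], "actor": r.get("UserId"),
                         "operation": r["Operation"], "params": params})
    return hits


def items_accessed_per_actor(records):
    """Total mail items touched per acting user, summed over aggregated MailItemsAccessed records."""
    totals = Counter()
    for r in records:
        if r.get("Operation") == "MailItemsAccessed":
            totals[r.get("UserId", "").lower()] += int(r.get("OperationCount", 1))
    return totals


def triage(records, start, end, volume_threshold=100):
    """Scope records to the window and return the three review lists."""
    scoped = in_window(records, start, end)
    volume = items_accessed_per_actor(scoped)
    return {
        "non_owner_access": non_owner_access(scoped),
        "admin_changes": admin_changes(scoped),
        "high_volume_actors": {u: n for u, n in volume.items() if n >= volume_threshold},
    }


def run_sample():
    return triage(json.loads(SAMPLE_RECORDS_JSON), WINDOW_START, WINDOW_END)


if __name__ == "__main__":
    print(json.dumps(run_sample(), indent=2))
```

Non-owner access by a delegate is not by itself evidence of abuse, so the output is a review list rather than an alert: correlate each hit with the permission grant that should justify it (here the Add-MailboxPermission record) and with the client IP, and treat access with no matching grant in the window as the case to escalate.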

Audit Copilot access permissions. Given the related Copilot data theft vulnerabilities reported by Dutch security media, review which users and groups have Copilot access and verify that data access permissions align with the principle of least privilege.

This advisory was first covered in the broader Vulnerability Intelligence Report — June 5, 2026.
