CVE-2026-26137

CVE-2026-26137 — Server-side request forgery (ssrf) in Microsoft Exchange allows an authorized at

📅 2026-03-19

🔴 Critical 🔥 No NVD Exploit Microsoft CVSS 9.9 🎯 EPSS 0.04%

Server-side request forgery (ssrf) in Microsoft Exchange allows an authorized attacker to elevate privileges over a network.

Microsoft Exchange (2016 CU23/2019 CU14)

Exploit

CVE-2026-26137

NVD

Microsoft Patch Tuesday