A vulnerability in Microsoft Exchange Online allows an already-authenticated attacker to elevate their privileges beyond what they should have access to. Because Exchange Online is a widely used cloud email platform, a successful exploit could give an attacker significantly greater control over mailboxes, organisational data, or administrative functions. Microsoft has classified this as a network-exploitable issue, meaning no physical access is required.

Security Architect’s Take: Review audit logs in Exchange Online for any anomalous privilege changes or unexpected admin role assignments, and ensure least-privilege principles are enforced across all Exchange Online accounts. Monitor the MSRC advisory for patch availability or mitigations and prioritise remediation given the broad blast radius of a compromised email platform.

Original advisory: CVE-2026-48582 Microsoft Exchange Online Elevation of Privilege Vulnerability