CVE-2026-54998

HIGH

Microsoft Exchange Online Elevation of Privilege Vulnerability

Title source: cna
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2026-54998. PoCs published by sentinel-aidefense.

AI-analyzed exploit summary The repository claims to provide a PoC for CVE-2026-54998, an incorrect authorization vulnerability in Microsoft Exchange Online, but contains no actual exploit code. Instead, it uses a placeholder image and directs users to an external TinyURL link, which is a common social engineering tactic.

Description

Incorrect authorization in Microsoft Exchange Online allows an authorized attacker to elevate privileges over a network.

Exploits (1)

github SUSPICIOUS
by sentinel-aidefense · poc
https://github.com/sentinel-aidefense/CVE-2026-54998-exp

The repository claims to provide a PoC for CVE-2026-54998, an incorrect authorization vulnerability in Microsoft Exchange Online, but contains no actual exploit code. Instead, it uses a placeholder image and directs users to an external TinyURL link, which is a common social engineering tactic.

Classification
Suspicious 98%
Attack Type
Auth Bypass
Complexity
Moderate
Reliability
Theoretical
Target: Microsoft Exchange Online (all versions prior to July 3, 2026 patch)
Auth required
Prerequisites: Authenticated low-privilege user account in Microsoft Exchange Online
mistral-large-3 · analyzed Jul 05, 2026 Full analysis →

References (1)

Core 1
Core References
Vendor Advisory vendor-advisory patch
Microsoft Exchange Online Elevation of Privilege Vulnerability
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-54998

Scores

CVSS v3 8.8
EPSS 0.0063
EPSS Percentile 46.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-863
Status published
Products (2)
microsoft/exchange_online
Microsoft/Microsoft Exchange Online -
Published Jul 02, 2026
Tracked Since Jul 03, 2026