CVE-2026-54998
HIGHMicrosoft Exchange Online Elevation of Privilege Vulnerability
Title source: cnaExploitation Summary
EIP tracks 1 public exploit for CVE-2026-54998. PoCs published by sentinel-aidefense.
AI-analyzed exploit summary The repository claims to provide a PoC for CVE-2026-54998, an incorrect authorization vulnerability in Microsoft Exchange Online, but contains no actual exploit code. Instead, it uses a placeholder image and directs users to an external TinyURL link, which is a common social engineering tactic.
Description
Incorrect authorization in Microsoft Exchange Online allows an authorized attacker to elevate privileges over a network.
Exploits (1)
The repository claims to provide a PoC for CVE-2026-54998, an incorrect authorization vulnerability in Microsoft Exchange Online, but contains no actual exploit code. Instead, it uses a placeholder image and directs users to an external TinyURL link, which is a common social engineering tactic.
References (1)
Scores
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H