Known Vulnerabilities for Exchange Server by Microsoft
Listed below are 10 of the newest known vulnerabilities associated with "Exchange Server" by "Microsoft".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-55653 json | A flaw was found in OpenSSH. A malicious SSH server can exploit a double free vulnerability in the Diffie-Hellman Group Excha... | Not Provided | 2026-06-23 | 2026-06-23 |
| CVE-2026-55199 json | libssh2 through 1.11.1, fixed in commit 1762685, contains a pre-authentication denial of service vulnerability in the SSH_MSG... | Not Provided | 2026-06-17 | 2026-06-18 |
| CVE-2026-47631 json | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an u... | Not Provided | 2026-06-09 | 2026-06-10 |
| CVE-2026-45583 json | Improper control of generation of code ('code injection') in Microsoft Exchange Server allows an unauthorized attacker to exe... | Not Provided | 2026-06-09 | 2026-06-17 |
| CVE-2026-45504 json | Server-side request forgery (ssrf) in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a ne... | Not Provided | 2026-06-09 | 2026-06-10 |
| CVE-2026-45503 json | Server-side request forgery (ssrf) in Microsoft Exchange Server allows an authorized attacker to disclose information over a ... | Not Provided | 2026-06-09 | 2026-06-10 |
| CVE-2026-45502 json | Server-side request forgery (ssrf) in Microsoft Exchange Server allows an authorized attacker to disclose information over a ... | Not Provided | 2026-06-09 | 2026-06-10 |
| CVE-2026-45501 json | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an u... | Not Provided | 2026-06-09 | 2026-06-10 |
| CVE-2026-45500 json | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an u... | Not Provided | 2026-06-09 | 2026-06-17 |
| CVE-2026-44428 json | The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. Prior to 1.7.6, the clie... | Not Provided | 2026-05-14 | 2026-05-15 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Microsoft | Exchange Server | 5.5 | |||
| Application | Microsoft | Exchange Server | 5.5 | |||
| Application | Microsoft | Exchange Server | 5.5 | |||
| Application | Microsoft | Exchange Server | 5.5 | |||
| Application | Microsoft | Exchange Server | 5.5 | |||
| Application | Microsoft | Exchange Server | 5.5 | |||
| Application | Microsoft | Exchange Server | 5.0 | |||
| Application | Microsoft | Exchange Server | 5.0 | |||
| Application | Microsoft | Exchange Server | 5.0 | |||
| Application | Microsoft | Exchange Server | 5.0 | |||
| Application | Microsoft | Exchange Server | 4.0 | |||
| Application | Microsoft | Exchange Server | 4.0 | |||
| Application | Microsoft | Exchange Server | 4.0 | |||
| Application | Microsoft | Exchange Server | 4.0 | |||
| Application | Microsoft | Exchange Server | 4.0 | |||
| Application | Microsoft | Exchange Server | 4.0 | |||
| Application | Microsoft | Exchange Server | 4.0 | |||
| Application | Microsoft | Exchange Server | 2019 | |||
| Application | Microsoft | Exchange Server | 2019 | |||
| Application | Microsoft | Exchange Server | 2019 |