{"id":285798,"date":"2026-07-04T15:30:00","date_gmt":"2026-07-04T19:30:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/07\/04\/microsoft-exchange-ssrf-vulnerability-details-released-along-with-public-poc-exploit\/"},"modified":"2026-07-04T18:10:25","modified_gmt":"2026-07-04T22:10:25","slug":"microsoft-exchange-ssrf-vulnerability-details-released-along-with-public-poc-exploit","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/07\/04\/microsoft-exchange-ssrf-vulnerability-details-released-along-with-public-poc-exploit\/","title":{"rendered":"Microsoft Exchange SSRF Vulnerability Details Released Along With Public PoC Exploit"},"content":{"rendered":"<p><a href=\"https:\/\/cybersecuritynews.com\/exchange-ssrf-poc-exploit-released\/\">Microsoft Exchange SSRF Vulnerability Details Released Along With Public PoC Exploit<\/a><\/p>\n<p><a href=\"https:\/\/cybersecuritynews.com\/exchange-ssrf-poc-exploit-released\/\">https:\/\/cybersecuritynews.com\/exchange-ssrf-poc-exploit-released\/<\/a><\/p>\n<p>Publish Date: 2026-07-04 15:30:00<\/p>\n<p>Source Domain: <a href=\"cybersecuritynews.com\">cybersecuritynews.com<\/a><\/p>\n<p class=\"wp-block-paragraph\">Security researchers from HawkTrace have disclosed technical details of a high-severity server-side request forgery (SSRF) vulnerability in Microsoft Exchange, tracked as CVE-2026-45504.<\/p>\n<p class=\"wp-block-paragraph\">The flaw, which carries a CVSS score of 8.8, allows authenticated, low-privileged users to read arbitrary files from vulnerable Exchange servers, raising serious concerns for enterprises relying on on-premises deployments.<\/p>\n<p class=\"wp-block-paragraph\">Microsoft Exchange is widely used for enterprise email, calendaring, and collaboration. 
Because of its central role in handling sensitive communications, vulnerabilities that allow unauthorized access to data can have a significant impact.<\/p>\n<p class=\"wp-block-paragraph\">In this case, the issue lies in how Exchange processes external URLs during attachment previews and when integrating with SharePoint services.<\/p>\n<p class=\"wp-block-paragraph\">According to the HawkTrace analysis, the vulnerability originates in the OneDriveProUtilities component, specifically within functions such as TryTwice and GetWacUrl.<\/p>\n<p class=\"wp-block-paragraph\">These functions make HTTP requests to retrieve WOPI (Web Application Open Platform Interface) data and access tokens for document previews.<\/p>\n<h2 id=\"h-exchange-ssrf-flaw-gets-public-poc-exploit\" class=\"wp-block-heading\"><strong>Exchange SSRF Flaw Gets Public PoC Exploit<\/strong><\/h2>\n<p class=\"wp-block-paragraph\">The core issue is that user-controlled input is passed directly into WebRequest.CreateHttp without sufficient validation.<\/p>\n<p class=\"wp-block-paragraph\">The attack begins when an authenticated user creates a specially crafted reference attachment using Exchange Web Services (EWS).<\/p>\n<p class=\"wp-block-paragraph\">This attachment includes a ProviderEndpointUrl pointing to an attacker-controlled server. When the victim accesses or previews the attachment, the Exchange server initiates a backend request to the attacker\u2019s server to retrieve WOPI metadata.<\/p>\n<p class=\"wp-block-paragraph\">The attacker then responds with a malicious WebApplicationUrl value. Instead of returning a standard HTTP or HTTPS URL, the response includes a file URI such as file:\/\/\/C:\/Windows\/win.ini.<\/p>\n<p class=\"wp-block-paragraph\">Normally, additional query parameters appended by Exchange would break the file path. 
However, the researchers demonstrated a simple&#8230;<\/p>\n<p><a href=\"https:\/\/cybersecuritynews.com\/exchange-ssrf-poc-exploit-released\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Microsoft Exchange SSRF Vulnerability Details Released Along With Public PoC Exploit https:\/\/cybersecuritynews.com\/exchange-ssrf-poc-exploit-released\/ Publish Date: 2026-07-04&#8230;<\/p>\n","protected":false},"author":1,"featured_media":285799,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"http:\/\/cybersecuritynews.com\/wp-content\/uploads\/2026\/07\/Microsoft-Exchange-SSRF-Vulnerability-Details-Released-Along-With-Public-PoC-Exploit.webp","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[90,89,57,27],"class_list":["post-285798","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cve","tag-flaw","tag-security","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/285798"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=285798"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/285798\/revisions"}],"predecessor-version":[{"id":285800,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/285798\/revisions\/285800"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/285799"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=285798"}],"wp:term
":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=285798"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=285798"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}