cve-2026-45500

CVE-2026-45500 is a Microsoft Exchange Server spoofing vulnerability disclosed in the June 9, 2026 security updates for Exchange Server Subscription Edition and Exchange Server 2019 CU15. Microsoft has acknowledged the issue and shipped fixes that list it by name. Administrators should treat the patching as a platform-maintenance event rather than a single-CVE fix. The vulnerability is part of a cluster of Exchange flaws patched in the same release, and the fix is tied to supported Exchange versions. For defenders, the confidence level is sufficient to act promptly.