
PoC Released for Microsoft Exchange EWS SSRF Flaw Targeting Internal Services
A proof-of-concept (PoC) exploit has been publicly released for a server-side request forgery (SSRF) vulnerability in Microsoft Exchange Server’s Exchange Web Services (EWS) component, tracked as CVE-2026-45502. The flaw allows authenticated attackers to force Exchange servers to make outbound HTTP requests to arbitrary internal or external URLs, enabling internal network reconnaissance and access to protected […]
The post PoC Released for Microsoft Exchange EWS SSRF Flaw Targeting Internal Services appeared first on Cyber Security News.