https://aretiq.ai/tags/installapp/Recent content in Installapp on Aretiq AIHugoen-usMon, 22 Jun 2026 00:00:00 +0000https://aretiq.ai/research/vul260622-cve-2026-45502-microsoft-exchange-server-ews-installapp-server-side-request-forgery/Mon, 22 Jun 2026 00:00:00 +0000https://aretiq.ai/research/vul260622-cve-2026-45502-microsoft-exchange-server-ews-installapp-server-side-request-forgery/<h2 id="1-overview">1. Overview</h2> <p>A server-side request forgery (SSRF) vulnerability exists in Microsoft Exchange Server&rsquo;s Exchange Web Services (EWS) InstallApp operation. When an authenticated user submits a ManifestUrl parameter via the InstallApp SOAP request, Exchange downloads the manifest from the supplied URL. The intranet address check that prevents SSRF is gated on the <code>isBposUser</code> flag, which is <code>false</code> for all on-premises Exchange deployments. This means the check is bypassed entirely in non-cloud environments, allowing an authenticated user to force the Exchange server to make HTTP requests to arbitrary internal or external URLs. Microsoft addressed this vulnerability in the June 2026 security update (KB5094139).</p>