CVE-2026-55006 is a Microsoft Exchange Server Elevation of Privilege vulnerability described as insufficient granularity of access control. It has a CVSS v3.1 base score of 7.8 (High) and a temporal score of 6.8, with a local attack vector, low attack complexity, low privileges required, and no user interaction. Microsoft reports no public disclosure and no known exploitation, with exploit code maturity listed as UNPROVEN. Because the vector is local rather than network-based, enterprise risk is more concentrated on systems where untrusted local access is possible rather than on internet-exposed services. Highlights: - CVSS scores: Base 7.8 - Temporal 6.8 - Exploit status & code maturity: Publicly Disclosed: No; Exploited: No; Exploit Code Maturity: UNPROVEN. - Impact: Elevation of Privilege with HIGH confidentiality, HIGH integrity, and HIGH availability impacts. - Exploitation likelihood: Exploitation Less Likely; local vector, LOW attack complexity, LOW privileges required, and NO user interaction. - Severity for enterprise: High technical severity due to the 7.8 CVSS score, but lower exposure-driven risk than a network-reachable issue because exploitation requires local access. Affected Exchange Server deployments should be treated as important, especially where local access is present. - Patch status: available; customer action required. Affected systems: - Microsoft Exchange Server