CVE-2024-12348

A zero-click vulnerability in Microsoft Outlook and Exchange Online is being actively exploited by attackers, allowing unauthorized email account access without user interaction.

Severity

critical

CVSS Score

9.1 / 10

Exploitation

Actively exploited

Published

Feb 7, 2026

Affected Products

›Microsoft Outlook Web App
›Exchange Online
›Outlook 2021

Full Analysis

Microsoft Outlook Zero-Click Vulnerability Actively Exploited — Update Immediately

Deep-dive: technical breakdown, real-world impact, complete remediation steps, and expert context.

Read the full report →

← All threat reports All articles