CVE-2021-26858

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS 7.8 HIGHEPSS 89.5%● KEV

In short

A critical flaw in Microsoft Exchange Server allows attackers to run malicious code on vulnerable servers without needing valid credentials. This puts email systems and sensitive data at serious risk.

Technical detail

An unauthenticated remote attacker can exploit improper validation of user input in the Exchange Server backend to execute arbitrary code with system privileges. The vulnerability requires network access to the Exchange service but no prior authentication; successful exploitation leads to complete system compromise.

Summary generated and translated by AI from the official description.

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C

Affected products

Microsoft · Microsoft Exchange Server 2013 Cumulative Update 21 Microsoft · Microsoft Exchange Server 2013 Cumulative Update 22 Microsoft · Microsoft Exchange Server 2013 Cumulative Update 23 Microsoft · Microsoft Exchange Server 2016 Cumulative Update 10 Microsoft · Microsoft Exchange Server 2016 Cumulative Update 11 Microsoft · Microsoft Exchange Server 2016 Cumulative Update 12 Microsoft · Microsoft Exchange Server 2016 Cumulative Update 13 Microsoft · Microsoft Exchange Server 2016 Cumulative Update 14 Microsoft · Microsoft Exchange Server 2016 Cumulative Update 15 Microsoft · Microsoft Exchange Server 2016 Cumulative Update 16 Microsoft · Microsoft Exchange Server 2016 Cumulative Update 17 Microsoft · Microsoft Exchange Server 2016 Cumulative Update 18 Microsoft · Microsoft Exchange Server 2016 Cumulative Update 19 Microsoft · Microsoft Exchange Server 2016 Cumulative Update 8 Microsoft · Microsoft Exchange Server 2016 Cumulative Update 9 Microsoft · Microsoft Exchange Server 2019 Microsoft · Microsoft Exchange Server 2019 Cumulative Update 1 Microsoft · Microsoft Exchange Server 2019 Cumulative Update 2 Microsoft · Microsoft Exchange Server 2019 Cumulative Update 3 Microsoft · Microsoft Exchange Server 2019 Cumulative Update 4 Microsoft · Microsoft Exchange Server 2019 Cumulative Update 5 Microsoft · Microsoft Exchange Server 2019 Cumulative Update 6 Microsoft · Microsoft Exchange Server 2019 Cumulative Update 7 Microsoft · Microsoft Exchange Server 2019 Cumulative Update 8

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26858 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-26858