CVE-2021-26858

HIGH KEV RANSOMWARE

Microsoft Exchange Server - Remote Code Execution

Title source: rule

Description

Microsoft Exchange Server Remote Code Execution Vulnerability

References (2)

Scores

CVSS v3 7.8
EPSS 0.7448
EPSS Percentile 98.9%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CISA KEV 2021-11-03
VulnCheck KEV 2021-03-02
InTheWild.io 2021-03-02
ENISA EUVD EUVD-2021-13642
Ransomware Use Confirmed
Status published
Products (4)
microsoft/exchange_server 2010 sp3
microsoft/exchange_server 2013 cumulative_update_22 (3 CPE variants)
microsoft/exchange_server 2016 cumulative_update_10 (12 CPE variants)
microsoft/exchange_server 2019 (9 CPE variants)
Published Mar 03, 2021
KEV Added Nov 03, 2021
Tracked Since Feb 18, 2026