CVE-2021-26858
HIGH KEV RANSOMWAREMicrosoft Exchange Server - Remote Code Execution
Title source: llmExploitation Summary
CVE-2021-26858 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added November 3, 2021, with confirmed use in ransomware campaigns.
Description
Microsoft Exchange Server Remote Code Execution Vulnerability
References (2)
Core 2
Core References
Patch, Vendor Advisory x_refsource_misc
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26858
US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-26858
Scores
CVSS v3
7.8
EPSS
0.7324
EPSS Percentile
98.8%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
active
Automatable
no
Technical Impact
total
Details
CISA KEV
2021-11-03
VulnCheck KEV
2021-03-02
InTheWild.io
2021-03-02
ENISA EUVD
EUVD-2021-13642
Ransomware Use
Confirmed
Status
published
Products (4)
microsoft/exchange_server
2010 sp3
microsoft/exchange_server
2013 cumulative_update_22 (3 CPE variants)
microsoft/exchange_server
2016 cumulative_update_10 (12 CPE variants)
microsoft/exchange_server
2019 (9 CPE variants)
Published
Mar 03, 2021
KEV Added
Nov 03, 2021
Tracked Since
Feb 18, 2026