CVE-2021-28482

HIGH EXPLOITED RANSOMWARE

Microsoft Exchange Server - Remote Code Execution

Exploitation Summary

CVE-2021-28482 has been observed exploited in the wild (reported by VulnCheck KEV), including in ransomware campaigns. EIP tracks 2 public exploits from researchers including Shadow0ps and KevinWorst.

Description

Microsoft Exchange Server Remote Code Execution Vulnerability

Exploits (2)

nomisec WORKING POC 46 stars
by Shadow0ps · remote-auth
https://github.com/Shadow0ps/CVE-2021-28482-Exchange-POC

This repository contains a functional exploit for CVE-2021-28482, a deserialization vulnerability in Microsoft Exchange Server. The exploit leverages a crafted SOAP request to achieve remote code execution by manipulating serialized data in the Exchange server's calendaring functionality.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Microsoft Exchange Server 2016, 2019
Auth required
Prerequisites: Valid credentials for Exchange Server · Network access to the target Exchange Server
devstral-2 · analyzed Feb 18, 2026

nomisec SUSPICIOUS
by KevinWorst · poc
https://github.com/KevinWorst/CVE-2021-28482_Exploit

The repository contains no exploit code or technical details, only a GIF and a Telegram link, which is characteristic of social engineering lures.

Classification: Suspicious 90%
Attack Type: Other
Complexity: Theoretical
Reliability: Theoretical
Target: unknown
No auth needed
devstral-2 · analyzed Feb 18, 2026

Scores

CVSS v3: 8.8
EPSS: 0.8334
EPSS Percentile: 99.6%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV: 2021-08-17
Ransomware Use: Confirmed
Status: published
Products (3):
microsoft/exchange_server 2013 cumulative_update_23
microsoft/exchange_server 2016 cumulative_update_19 (2 CPE variants)
microsoft/exchange_server 2019 cumulative_update_8 (2 CPE variants)
Published: Apr 13, 2021
Tracked Since: Feb 18, 2026