CVE-2026-21527

MEDIUM

Microsoft Exchange Server - Info Disclosure

Title source: llm

Description

User interface (ui) misrepresentation of critical information in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

References (1)

[Vendor Advisory] https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21527

Scores

CVSS v3 6.5

EPSS 0.0007

EPSS Percentile 21.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-451 CWE-345 CWE-1286

Status published

Products (7)

microsoft/exchange_server 2016 cumulative_update_23

microsoft/exchange_server 2019 cumulative_update_14 (2 CPE variants)

microsoft/exchange_server < 15.02.2562.037

Microsoft/Microsoft Exchange Server 2016 Cumulative Update 23 15.01.0.0 - 15.01.2507.066

Microsoft/Microsoft Exchange Server 2019 Cumulative Update 14 15.02.0.0 - 15.02.1544.039

Microsoft/Microsoft Exchange Server 2019 Cumulative Update 15 15.02.0.0 - 15.02.1748.043

Microsoft/Microsoft Exchange Server Subscription Edition RTM 15.02.0.0 - 15.02.2562.037

Published Feb 10, 2026

Tracked Since Feb 18, 2026