CVE-2021-26858

Summary

Microsoft Exchange Server Remote Code Execution Vulnerability

Affected Software

VendorProductVersion RangeStatus
MicrosoftMicrosoft Exchange Server 201915.02.0 < publicationaffected
MicrosoftMicrosoft Exchange Server 2013 Cumulative Update 2215.00.0 < publicationaffected
MicrosoftMicrosoft Exchange Server 2019 Cumulative Update 215.02.0 < publicationaffected
MicrosoftMicrosoft Exchange Server 2016 Cumulative Update 1315.01.0 < publicationaffected
MicrosoftMicrosoft Exchange Server 2013 Cumulative Update 2315.00.0 < publicationaffected
MicrosoftMicrosoft Exchange Server 2019 Cumulative Update 315.02.0 < publicationaffected
MicrosoftMicrosoft Exchange Server 2016 Cumulative Update 1415.01.0 < publicationaffected
MicrosoftMicrosoft Exchange Server 2019 Cumulative Update 415.02.0 < publicationaffected
MicrosoftMicrosoft Exchange Server 2016 Cumulative Update 1515.01.0 < publicationaffected
MicrosoftMicrosoft Exchange Server 2019 Cumulative Update 515.02.0 < publicationaffected
MicrosoftMicrosoft Exchange Server 2019 Cumulative Update 615.02.0 < publicationaffected
MicrosoftMicrosoft Exchange Server 2016 Cumulative Update 1615.01.0 < publicationaffected
MicrosoftMicrosoft Exchange Server 2016 Cumulative Update 1715.01.0 < publicationaffected
MicrosoftMicrosoft Exchange Server 2019 Cumulative Update 715.02.0 < publicationaffected
MicrosoftMicrosoft Exchange Server 2016 Cumulative Update 1815.01.0 < publicationaffected
MicrosoftMicrosoft Exchange Server 2016 Cumulative Update 1915.01.0 < publicationaffected
MicrosoftMicrosoft Exchange Server 2019 Cumulative Update 815.02.0 < publicationaffected
MicrosoftMicrosoft Exchange Server 2013 Cumulative Update 2115.00.0 < publicationaffected
MicrosoftMicrosoft Exchange Server 2016 Cumulative Update 1215.01.0 < publicationaffected
MicrosoftMicrosoft Exchange Server 2016 Cumulative Update 815.01.0 < publicationaffected
MicrosoftMicrosoft Exchange Server 2019 Cumulative Update 115.02.0 < publicationaffected
MicrosoftMicrosoft Exchange Server 2016 Cumulative Update 915.01.0 < publicationaffected
MicrosoftMicrosoft Exchange Server 2016 Cumulative Update 1015.01.0 < publicationaffected
MicrosoftMicrosoft Exchange Server 2016 Cumulative Update 1115.01.0 < publicationaffected

Weaknesses

  • Remote Code Execution

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: active
    • Automatable: no
    • Technical Impact: total

Additional References

References