CVE-2021-26855

CRITICAL
2021-03-03 [email protected]
9.1
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

5
Analysis Generated
Mar 26, 2026 - 11:19 vuln.today
Added to CISA KEV
Dec 18, 2025 - 02:00 cisa
CISA KEV
PoC Detected
Dec 18, 2025 - 02:00 vuln.today
Public exploit code
Patch Released
Dec 18, 2025 - 02:00 nvd
Patch available
CVE Published
Mar 03, 2021 - 00:15 nvd
CRITICAL 9.1

Description

Microsoft Exchange Server Remote Code Execution Vulnerability

Analysis

Microsoft Exchange Server contains a server-side request forgery (SSRF) vulnerability known as 'ProxyLogon' that allows unauthenticated attackers to access Exchange backend services, chain with other vulnerabilities for full server compromise. The most impactful Exchange vulnerability in history.

Technical Context

The CWE-918 SSRF in Exchange's autodiscover endpoint allows an unauthenticated attacker to send crafted requests that the Exchange server forwards to its backend services as SYSTEM. This bypass of authentication is chained with CVE-2021-26857 (deserialization), CVE-2021-26858, and CVE-2021-27065 (file write) for complete server compromise.

Affected Products

['Microsoft Exchange Server 2013', 'Microsoft Exchange Server 2016', 'Microsoft Exchange Server 2019']

Remediation

Apply Microsoft security updates immediately. Run the MSERT tool to detect web shells. Check for indicators of compromise (aspx files in OWA/ECP directories, suspicious PowerShell execution). Assume compromise if running vulnerable versions during the exploitation window.

Priority Score

219
Low Medium High Critical
KEV: +50
EPSS: +94.0
CVSS: +46
POC: +20

Share

CVE-2021-26855 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy