CVE-2021-26855

nvd nist nuclei

Published: Mar 3, 2021Modified: Dec 18, 2025CISA KEV

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD (Secondary)

Description

Microsoft Exchange Server Remote Code Execution Vulnerability

Affected (24)

Products: Microsoft: Exchange Server

1 product

Exchange Server

Configuration A

24 vulnerable

Vulnerable Software	Affected Versions
Microsoft Exchange Server	Version 2013 cumulative_update_21
Microsoft Exchange Server	Version 2013 cumulative_update_22
Microsoft Exchange Server	Version 2013 cumulative_update_23
Microsoft Exchange Server	Version 2016 cumulative_update_10
Microsoft Exchange Server	Version 2016 cumulative_update_11
Microsoft Exchange Server	Version 2016 cumulative_update_12
Microsoft Exchange Server	Version 2016 cumulative_update_13
Microsoft Exchange Server	Version 2016 cumulative_update_14
Microsoft Exchange Server	Version 2016 cumulative_update_15
Microsoft Exchange Server	Version 2016 cumulative_update_16
Microsoft Exchange Server	Version 2016 cumulative_update_17
Microsoft Exchange Server	Version 2016 cumulative_update_18
Microsoft Exchange Server	Version 2016 cumulative_update_19
Microsoft Exchange Server	Version 2016 cumulative_update_8
Microsoft Exchange Server	Version 2016 cumulative_update_9
Microsoft Exchange Server	Version 2019
Microsoft Exchange Server	Version 2019 cumulative_update_1
Microsoft Exchange Server	Version 2019 cumulative_update_2
Microsoft Exchange Server	Version 2019 cumulative_update_3
Microsoft Exchange Server	Version 2019 cumulative_update_4
Microsoft Exchange Server	Version 2019 cumulative_update_5
Microsoft Exchange Server	Version 2019 cumulative_update_6
Microsoft Exchange Server	Version 2019 cumulative_update_7
Microsoft Exchange Server	Version 2019 cumulative_update_8

Related CWEs

Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

References (11)

http://packetstormsecurity.com/files/161846/Microsoft-Exchange-2019-SSRF-Arbitrary-File-Write.html

Source: secure@microsoft.com

ExploitThird Party AdvisoryVDB Entry

http://packetstormsecurity.com/files/161938/Microsoft-Exchange-ProxyLogon-Remote-Code-Execution.html

Source: secure@microsoft.com

ExploitThird Party AdvisoryVDB Entry

http://packetstormsecurity.com/files/162610/Microsoft-Exchange-2019-Unauthenticated-Email-Download.html

Source: secure@microsoft.com

ExploitThird Party AdvisoryVDB Entry

http://packetstormsecurity.com/files/162736/Microsoft-Exchange-ProxyLogon-Collector.html

Source: secure@microsoft.com

ExploitThird Party AdvisoryVDB Entry

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26855

Source: secure@microsoft.com

PatchVendor Advisory

http://packetstormsecurity.com/files/161846/Microsoft-Exchange-2019-SSRF-Arbitrary-File-Write.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

http://packetstormsecurity.com/files/161938/Microsoft-Exchange-ProxyLogon-Remote-Code-Execution.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

http://packetstormsecurity.com/files/162610/Microsoft-Exchange-2019-Unauthenticated-Email-Download.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

http://packetstormsecurity.com/files/162736/Microsoft-Exchange-ProxyLogon-Collector.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26855

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-26855

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

US Government Resource

Timeline

No history available yet.