CVE-2021-26857

Published Mar 3, 2021

Last updated 5 months ago

Exploit knownCVSS high 7.8
Microsoft Exchange Server
Network

Overview

Description
Microsoft Exchange Server Remote Code Execution Vulnerability
Source
secure@microsoft.com
NVD status
Analyzed
Products
exchange_server

Risk scores

CVSS 3.1

Type
Secondary
Base score
7.8
Impact score
5.9
Exploitability score
1.8
Vector string
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity
HIGH

CVSS 2.0

Type
Primary
Base score
6.8
Impact score
6.4
Exploitability score
8.6
Vector string
AV:N/AC:M/Au:N/C:P/I:P/A:P

Known exploits

Data from CISA

Vulnerability name
Microsoft Exchange Server Remote Code Execution Vulnerability
Exploit added on
Nov 3, 2021
Exploit action due
Apr 16, 2021
Required action
Apply updates per vendor instructions.

Weaknesses

nvd@nist.gov
CWE-502
134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-502

Social media

Hype score
Not currently trending

  1. Ransomware vulns with highest exploit likelihood ⬆️ (past 30d): - CVE-2025-61882 (Oracle E-Busine..) +191397.67% - CVE-2021-27878 (Veritas Veritas..) +167.85% - CVE-2021-27877 (Veritas Veritas..) +151.55% - CVE-2021-27102 (Accellion File ..) +38.22% - CVE-2021-26857 (Exchang

    @DefusedCyber

    20 Oct 2025

    1792 Impressions

    7 Retweets

    18 Likes

    6 Bookmarks

    1 Reply

    1 Quote

  2. Ransomware vulns with highest exploit likelihood ⬆️ (past 30d): - CVE-2025-61882 (Oracle E-Busine..) +184037.21% - CVE-2021-26857 (Exchange On-Pre..) +384.58% - CVE-2021-27878 (Veritas Veritas..) +202.15% - CVE-2021-27877 (Veritas Veritas..) +183.71% - CVE-2021-27102 (Accell

    @DefusedCyber

    13 Oct 2025

    12527 Impressions

    14 Retweets

    102 Likes

    47 Bookmarks

    1 Reply

    1 Quote

  3. Ransomware vulns with highest exploit likelihood ⬆️ (past 30d): - CVE-2021-26857 (Exchange On-Pre..) +210.76% - CVE-2022-26500 (Veeam Backup & ..) +24.70% - CVE-2023-27532 (Veeam Backup & ..) +17.62% - CVE-2022-41352 (Zimbra Zimbra C..) +16.52% - CVE-2019-5591 (Forti

    @DefusedCyber

    29 Sept 2025

    33921 Impressions

    50 Retweets

    256 Likes

    138 Bookmarks

    3 Replies

    2 Quotes

  4. Ransomware vulns with highest exploit likelihood ⬆️ (past 30d): - CVE-2021-26857 (Exchange On-Pre..) +210.76% - CVE-2022-26500 (Veeam Backup & ..) +24.70% - CVE-2015-2291 (IQVW32.sys (BYO..) +22.80% - CVE-2023-27532 (Veeam Backup & ..) +17.62% - CVE-2021-27876 (Verit

    @DefusedCyber

    22 Sept 2025

    10416 Impressions

    13 Retweets

    89 Likes

    63 Bookmarks

    1 Reply

    1 Quote

  5. Ransomware vulns with highest exploit likelihood ⬆️ (past 30d): - CVE-2025-53770 (SharePoint..) +86627.50% - CVE-2019-5591 (FortiOS..) +44.14% - CVE-2021-26857 (Exchange On-Pre..) +32.05% - CVE-2024-42057 (Zyxel Firewall..) +29.73% - CVE-2021-27101 (Accellion File ..) +23.48

    @DefusedCyber

    11 Aug 2025

    652 Impressions

    2 Retweets

    8 Likes

    4 Bookmarks

    0 Replies

    1 Quote

Configurations

Related CVEs

  1. Qualcomm Multiple Chipsets Memory Corruption VulnerabilityCVE-2026-21385
  2. n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, additional exploits in the expression evaluation of n8n have been identified and patched following CVE-2025-68613. An authenticated user with permission to create or modify workflows could abuse crafted expressions in workflow parameters to trigger unintended system command execution on the host running n8n. The issues have been fixed in n8n versions 2.10.1, 2.9.3, and 1.123.22. Users should upgrade to one of these versions or later to remediate all known vulnerabilities. If upgrading is not immediately possible, administrators should consider the following temporary mitigations. Limit workflow creation and editing permissions to fully trusted users only, and/or deploy n8n in a hardened environment with restricted operating system privileges and network access to reduce the impact of potential exploitation. These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.CVE-2026-27577
  3. Broadcom VMware Aria Operations Command Injection VulnerabilityCVE-2026-22719
  4. Versions of the Traccar open-source GPS tracking system up to and including 6.11.1 contain a Cross-Site WebSocket Hijacking (CSWSH) vulnerability in the `/api/socket` endpoint. The application fails to validate the `Origin` header during the WebSocket handshake. This allows a remote attacker to bypass the Same Origin Policy (SOP) and establish a full-duplex WebSocket connection using a legitimate user's credentials (JSESSIONID). As of time of publication, it is unclear whether a fix is available.CVE-2025-68930
  5. Valkey is a distributed key-value database. Prior to versions 9.0.2, 8.1.6, 8.0.7, and 7.2.12, a malicious user can use scripting commands to inject arbitrary information into the response stream for the given client, potentially corrupting or returning tampered data to other users on the same connection. The error handling code for lua scripts does not properly handle null characters. Versions 9.0.2, 8.1.6, 8.0.7, and 7.2.12 fix the issue.CVE-2025-67733

References

Sources include official advisories and independent security research.