Cyber Resilience

CVE-2021-26858

High · CISA KEV · Active Exploitation · EUVD Exploited · Ransomware-linked

Published: 03 March 2021

Modified: 18 December 2025
KEV Added: 03 November 2021
Patch
CVSS Score v3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.7324 (98.8th percentile)
Risk Priority: 80 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2021-26858 is a high-severity vulnerability in Microsoft Exchange Server; its weakness type is unspecified. Its CVSS base score is 7.8 (High).

Operationally, it is ranked in the top 1.2% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and CM-6 (Configuration Settings).

Deeper analysis

Microsoft Exchange Server is affected by a remote code execution vulnerability tracked as CVE-2021-26858. The flaw received a CVSS 3.1 base score of 7.8, with a local attack vector (AV:L), low attack complexity (AC:L), no privileges required (PR:N), and user interaction required (UI:R), resulting in high impact to confidentiality, integrity, and availability.

An attacker who can interact with a vulnerable system through a local vector can leverage the issue to execute arbitrary code. Because no privileges are needed and complexity is low, successful exploitation grants the attacker full control over affected components without additional authentication, although the CVSS vector indicates that user interaction is required.

Microsoft's security advisory and the CISA Known Exploited Vulnerabilities catalog both reference this CVE, indicating that official patches and mitigation guidance are available through the Microsoft Security Response Center. The inclusion in CISA's catalog confirms that the vulnerability has been exploited in real-world attacks.

Vulnerability details

Microsoft Exchange Server Remote Code Execution Vulnerability

CWE(s)
KEV Date Added: 03 November 2021

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

microsoft · exchange server · 2010, 2013, 2016, 2019

Mitigating Controls (NIST 800-53 r5) · AI

prevent: Directly requires timely application of the vendor patch that eliminates the RCE flaw in Exchange Server.

prevent: Enforces secure configuration settings that can disable or restrict the vulnerable Exchange components prior to patching.

detect: Verifies integrity of Exchange binaries and detects unauthorized code introduced through exploitation of the flaw.
