CVE-2021-26858

ENISA EUVD: EUVD-2021-13642
Exploited in the Wild · Confirmed 0-Day · Google Project Zero
Triaged: March 3, 2026 · 13 articles · Published: 2021-03-02

EPSS Score

Source: FIRST.org · 2026-05-23
Probability: 79.97%
This CVE has a 79.97% probability of being exploited in the next 30 days.
Top 99.1th percentile of all CVEs

CVSS v3.1

Source: VulnerabilityLookup (CIRCL)
7.8 HIGH
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal
Exploit Code Maturity: Functional
Remediation Level: Official Fix
Report Confidence: Confirmed
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C

CVSS v2 (legacy)

6.8 MEDIUM
Access Vector: Network
Access Complexity: Medium
Authentication: None
Confidentiality: Partial
Integrity: Partial
Availability: Partial
AV:N/AC:M/Au:N/C:P/I:P/A:P

Description

NVD: Microsoft Exchange Server Remote Code Execution Vulnerability

Affected Products

Microsoft · Microsoft Exchange Server 2019 · 15.02.0
Microsoft · Microsoft Exchange Server 2013 Cumulative Update 22 · 15.00.0
Microsoft · Microsoft Exchange Server 2019 Cumulative Update 2 · 15.02.0
Microsoft · Microsoft Exchange Server 2016 Cumulative Update 13 · 15.01.0
Microsoft · Microsoft Exchange Server 2013 Cumulative Update 23 · 15.00.0

Google Project Zero

Patched: March 2, 2021
Reported by: Microsoft Threat Intelligence Center
Root Cause Analysis: ???

Signal Intelligence

Confidence: 92%
EPSS: 79.97%
CVSS v3.1: 7.8
Mentions: 13
Last Seen: Oct 07, 2022

CNA Information

CNA Assigner: microsoft
CNA Title: Microsoft Exchange Server Remote Code Execution Vulnerability

Analyst Note

CVE-2021-26858 is a confirmed zero-day in Microsoft Exchange Server 2019 with HIGH severity (CVSS 7.8) and documented RCE capability, corroborated by Google Project Zero research and a CERT-EU security advisory. The evidence of active exploitation and the technical validation are sufficient to warrant high confidence in its confirmed status.

Threat Actors 39

APT 29
apt_group Information theft and espionage 🇷🇺 RU
WIZARD SPIDER
apt_group Financial gain 🇷🇺 RU
Cobalt
apt_group Financial crime 🇷🇺 RU
APT 28
apt_group Information theft and espionage 🇷🇺 RU
FIN7
apt_group Financial crime 🇷🇺 RU
EMISSARY PANDA
apt_group Information theft and espionage 🇨🇳 CN
CHRYSENE
apt_group Information theft and espionage 🇮🇷 IR
Harvester
apt_group Information theft and espionage Unknown
GOLD CABIN
apt_group 🇷🇺 RU
Hacking Team
apt_group 🇮🇹 IT
GhostEmperor
apt_group Information theft and espionage 🇨🇳 CN
Tick
apt_group Information theft and espionage 🇨🇳 CN
Infy
apt_group Information theft and espionage 🇮🇷 IR
GCHQ
apt_group Information theft and espionage 🇬🇧 GB
Cuboid Sandstorm
apt_group 🇮🇷 IR
Tortoiseshell
apt_group Information theft and espionage 🇮🇷 IR
[Unnamed group]
apt_group 🇨🇳 CN
Fox Kitten
apt_group Information theft and espionage 🇮🇷 IR
Attor
apt_group 🇷🇺 RU
PhantomCore
apt_group 🇷🇺 RU
Gray Sandstorm
apt_group 🇮🇷 IR
APT 22
apt_group Information theft and espionage 🇨🇳 CN
Earth Baxia
apt_group Information theft and espionage 🇨🇳 CN
Operation Cobalt Whisper
apt_group Financial crime 🇨🇳 CN
UNC4841
apt_group Information theft and espionage 🇨🇳 CN
APT 6
apt_group Information theft and espionage 🇨🇳 CN
Tonto Team
apt_group Information theft and espionage 🇨🇳 CN
Mikroceen
apt_group Information theft and espionage 🇨🇳 CN
CyberAv3ngers
apt_group Sabotage and destruction 🇮🇷 IR
Red October
apt_group 🇷🇺 RU
Night Dragon
apt_group Information theft and espionage 🇨🇳 CN
The White Company
apt_group Information theft and espionage 🇨🇳 CN
Calypso
apt_group Information theft and espionage 🇨🇳 CN
Operation Parliament
apt_group Information theft and espionage 🇵🇰 PK
Shadow Network
apt_group Information theft and espionage 🇨🇳 CN
Mana Team
apt_group 🇨🇳 CN
Operation Titan Rain
apt_group Information theft and espionage 🇨🇳 CN
APT 5
apt_group Information theft and espionage 🇨🇳 CN
Beijing Group
apt_group Information theft and espionage 🇨🇳 CN

Triage Info

Decided at: Mar 03, 2026
Published Date: Mar 02, 2021