KEV Entry: CVE-2021-26855

Entry Details

Confirmed Exploited

Vulnerability ID

CVE-2021-26855

Status Updated At

2021-11-03 00:00 UTC

Timestamps

First Seen At

2021-11-03

Asserted At

2021-11-03

Scope

Notes

KEVIntel entry: Microsoft Exchange Server Remote Code Execution Vulnerability | Affected: Microsoft / Microsoft Exchange Server 2016 Cumulative Update 19, Microsoft Exchange Server 2019 Cumulative Update 8, Microsoft Exchange Server 2019, Microsoft Exchange Server 2013 Cumulative Update 22, Microsoft Exchange Server 2019 Cumulative Update 2, Microsoft Exchange Server 2016 Cumulative Update 13, Microsoft Exchange Server 2013 Cumulative Update 23, Microsoft Exchange Server 2019 Cumulative Update 3, Microsoft Exchange Server 2016 Cumulative Update 14, Microsoft Exchange Server 2019 Cumulative Update 4, Microsoft Exchange Server 2016 Cumulative Update 15, Microsoft Exchange Server 2019 Cumulative Update 5, Microsoft Exchange Server 2019 Cumulative Update 6, Microsoft Exchange Server 2016 Cumulative Update 16, Microsoft Exchange Server 2016 Cumulative Update 17, Microsoft Exchange Server 2019 Cumulative Update 7, Microsoft Exchange Server 2016 Cumulative Update 18, Microsoft Exchange Server 2013 Cumulative Update 21, Microsoft Exchange Server 2016 Cumulative Update 12, Microsoft Exchange Server 2016 Cumulative Update 8, Microsoft Exchange Server 2019 Cumulative Update 1, Microsoft Exchange Server 2016 Cumulative Update 9, Microsoft Exchange Server 2016 Cumulative Update 10, Microsoft Exchange Server 2016 Cumulative Update 11 | CVSS: 9.1 (CRITICAL) | EPSS: 0.99999 | Used in malware: yes | Not yet in CISA KEV: False

References

{'id': 'CVE-2021-26855', 'url': 'https://www.cve.org/CVERecord?id=CVE-2021-26855'}
{'id': 'kevintel', 'url': 'https://kevintel.com/vuln/CVE-2021-26855'}

Entry UUID

689a1567-2b26-4e7f-9bf7-77e3a951a6c7

Catalog Origin UUID

caeb2787-0d58-4236-9039-7c86c3e566f3

Created

2026-06-23 11:13 UTC

Last Updated

2026-06-23 11:13 UTC

Evidence

1

Type Source Signal Confidence Details GCVE Metadata

Type	Source	Signal	Confidence	Details	GCVE Metadata
public_report	kevintel	confirmed_compromise	0.70	View details { "added_date": "2021-11-03T00:00:00.000Z", "ahead_of_cisa_kev": null, "cvss_score": 9.1, "cvss_severity": "CRITICAL", "epss_percentile": 0.99997, "epss_score": 0.99999, "feed": "KEVIntel (kevintel.com)", "not_yet_in_cisa_kev": false, "product": "Microsoft Exchange Server 2016 Cumulative Update 19, Microsoft Exchange Server 2019 Cumulative Update 8, Microsoft Exchange Server 2019, Microsoft Exchange Server 2013 Cumulative Update 22, Microsoft Exchange Server 2019 Cumulative Update 2, Microsoft Exchange Server 2016 Cumulative Update 13, Microsoft Exchange Server 2013 Cumulative Update 23, Microsoft Exchange Server 2019 Cumulative Update 3, Microsoft Exchange Server 2016 Cumulative Update 14, Microsoft Exchange Server 2019 Cumulative Update 4, Microsoft Exchange Server 2016 Cumulative Update 15, Microsoft Exchange Server 2019 Cumulative Update 5, Microsoft Exchange Server 2019 Cumulative Update 6, Microsoft Exchange Server 2016 Cumulative Update 16, Microsoft Exchange Server 2016 Cumulative Update 17, Microsoft Exchange Server 2019 Cumulative Update 7, Microsoft Exchange Server 2016 Cumulative Update 18, Microsoft Exchange Server 2013 Cumulative Update 21, Microsoft Exchange Server 2016 Cumulative Update 12, Microsoft Exchange Server 2016 Cumulative Update 8, Microsoft Exchange Server 2019 Cumulative Update 1, Microsoft Exchange Server 2016 Cumulative Update 9, Microsoft Exchange Server 2016 Cumulative Update 10, Microsoft Exchange Server 2016 Cumulative Update 11", "title": "Microsoft Exchange Server Remote Code Execution Vulnerability", "used_in_malware": "yes", "vendor": "Microsoft" }	-

public_report

kevintel

confirmed_compromise

0.70

View details

{
  "added_date": "2021-11-03T00:00:00.000Z",
  "ahead_of_cisa_kev": null,
  "cvss_score": 9.1,
  "cvss_severity": "CRITICAL",
  "epss_percentile": 0.99997,
  "epss_score": 0.99999,
  "feed": "KEVIntel (kevintel.com)",
  "not_yet_in_cisa_kev": false,
  "product": "Microsoft Exchange Server 2016 Cumulative Update 19, Microsoft Exchange Server 2019 Cumulative Update 8, Microsoft Exchange Server 2019, Microsoft Exchange Server 2013 Cumulative Update 22, Microsoft Exchange Server 2019 Cumulative Update 2, Microsoft Exchange Server 2016 Cumulative Update 13, Microsoft Exchange Server 2013 Cumulative Update 23, Microsoft Exchange Server 2019 Cumulative Update 3, Microsoft Exchange Server 2016 Cumulative Update 14, Microsoft Exchange Server 2019 Cumulative Update 4, Microsoft Exchange Server 2016 Cumulative Update 15, Microsoft Exchange Server 2019 Cumulative Update 5, Microsoft Exchange Server 2019 Cumulative Update 6, Microsoft Exchange Server 2016 Cumulative Update 16, Microsoft Exchange Server 2016 Cumulative Update 17, Microsoft Exchange Server 2019 Cumulative Update 7, Microsoft Exchange Server 2016 Cumulative Update 18, Microsoft Exchange Server 2013 Cumulative Update 21, Microsoft Exchange Server 2016 Cumulative Update 12, Microsoft Exchange Server 2016 Cumulative Update 8, Microsoft Exchange Server 2019 Cumulative Update 1, Microsoft Exchange Server 2016 Cumulative Update 9, Microsoft Exchange Server 2016 Cumulative Update 10, Microsoft Exchange Server 2016 Cumulative Update 11",
  "title": "Microsoft Exchange Server Remote Code Execution Vulnerability",
  "used_in_malware": "yes",
  "vendor": "Microsoft"
}

-

Export Options

JSON Object JSON API View Full Catalog