← ExploitWatch
HomeExploited Vulnerabilities

CVE-2023-21529 — Actively Exploited: Exchange Server (Microsoft)

Microsoft Exchange Server contains a deserialization of untrusted data that allows an authenticated attacker to achieve remote code execution.

CVE IDCVE-2023-21529
VendorMicrosoft
ProductExchange Server
Vulnerability nameMicrosoft Exchange Server Deserialization of Untrusted Data Vulnerability
Date added2026-04-13
Remediation due2026-04-27
Known ransomware useKnown
Required actionApply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
DescriptionMicrosoft Exchange Server contains a deserialization of untrusted data that allows an authenticated attacker to achieve remote code execution.
SourceCISA Known Exploited Vulnerabilities

🔍 Search all exploited vulnerabilities →