CVE-2021-26858: Microsoft Exchange Server Remote Code Execution

Microsoft Exchange Server Remote Code Execution Vulnerability. Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain.

• CISA KEV-listed (remediation due 2022-05-03)
• used in ransomware campaigns
• EPSS 73.2% (98.8% percentile)

Detection rules

• CVE-2021-26858 Exchange Exploitation high
• ProxyLogon Reset Virtual Directories Based On IIS Log critical

Related briefings

• HAFNIUM's ProxyLogon Chain Triggers 44,000 Exploitation Attempts from 1,600+ IPs Within Weeks of Disclosure 2026-02-16

Browse the CVE database

Read the full analysis on IntelFusions