CVE-2023-21529: Microsoft Exchange Server Deserialization of Untrusted Data
Microsoft Exchange Server contains a deserialization of untrusted data vulnerability that allows an authenticated attacker to achieve remote code execution.
- CISA KEV-listed (remediation due 2026-04-27)
- used in ransomware campaigns
- EPSS 27.0% (96.5th percentile)