CVE-2023-21529: Microsoft Exchange Server Deserialization of Untrusted Data Vulnerability

CVE ID

CVE-2023-21529

Vulnerability Name

Microsoft Exchange Server Deserialization of Untrusted Data Vulnerability

Project: Microsoft
Product: Exchange Server

Date

Date Added: 2026-04-13
Due Date: 2026-04-27

Description

Microsoft Exchange Server contains a deserialization of untrusted data that allows an authenticated attacker to achieve remote code execution.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

CVE-2023-21529: Microsoft Exchange Server Deserialization of Untrusted Data Vulnerability

CVE ID

Vulnerability Name

Date

Description

Known To Be Used in Ransomware Campaigns?

Action

Additional Notes

Related Security News

More CVEs Info

Tags

Author

Stats

Published

You Might Also Like

The Windows Bug That Hung Our CI Forever (And What Node's socket.end() Won't Tell You)

I built a self-correcting agent with Hindsight; here is how.

Fabric OneLake shortcuts vs ADLS Gen2 mounts: what actually works in production

Persist AI Agent Memory in ASP.NET Core (Microsoft Agent Framework)

I replaced my scratchpad with Hindsight and it worked.

Datacenter Emissions Secrecy: EU Built Transparency, Hid it