Vulnerability intelligence
CVE-2023-21529
Microsoft Exchange Server Deserialization of Untrusted Data Vulnerability
Microsoft Exchange Server Remote Code Execution Vulnerability
CVSS Score
8.8
High
EPSS — Exploit Probability
27%
Riskier than 96% of all CVEs
Exploitation
Confirmed in the wild
Used in ransomware campaigns
Remediation
Patch available
Federal deadline 2026-04-27
CISA required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Deadline for federal agencies: 2026-04-27.
7 articles across 6 outlets · first covered Apr 7, 2026 · latest Apr 14, 2026
Associated threat actors
Coverage timeline
- Organizations Warned of Exploited Windows, Adobe Acrobat Vulnerabilities · www.securityweek.com · Apr 14, 2026
- CISA Adds Critical Adobe, Microsoft, Fortinet Flaws to KEV Catalog · securityaffairs.com · Apr 14, 2026
- CISA adds six KEV flaws amid active Fortinet exploits · thehackernews.com · Apr 14, 2026
- CISA adds Microsoft Exchange flaw CVE-2023-21529 to KEV list · www.cisa.gov · Apr 13, 2026
- CISA warns of active exploit in Microsoft Exchange CVE-2023-21529 · cisa.gov · Apr 13, 2026
- Storm-1175 Deploys Medusa Ransomware at 'High Velocity' · www.darkreading.com · Apr 7, 2026
- China linked Medusa gang uses zero days to hit UK health, finance · thehackernews.com · Apr 7, 2026