CVE-2026-21527
Microsoft Exchange Server Spoofing Vulnerability
In short
Microsoft Exchange Server displays misleading information in its user interface, allowing attackers to trick users into believing false information. This can be exploited remotely to impersonate legitimate messages or actions.
Technical detail
A UI misrepresentation vulnerability in Microsoft Exchange Server enables attackers to spoof critical information over the network without authentication. The attack leverages improper display of security-relevant data in the user interface, potentially leading to unauthorized access or credential theft through social engineering.
Summary generated and translated by AI from the official description.
User interface (UI) misrepresentation of critical information in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C
Affected products
Microsoft · Microsoft Exchange Server 2016 Cumulative Update 23
Microsoft · Microsoft Exchange Server 2019 Cumulative Update 14
Microsoft · Microsoft Exchange Server 2019 Cumulative Update 15
Microsoft · Microsoft Exchange Server Subscription Edition RTM