KEV · Actively exploited

CVE-2023-21529

HIGH 8.8 KEV Published on 2023-02-14

Microsoft Exchange Server Remote Code Execution Vulnerability

EPSS 27.55% moderate exploit risk percentile 96.5%

CISA Known Exploited Vulnerability

Added to KEV: 2026-04-13
Remediation deadline: 2026-04-27
Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Ransomware: Yes, known ransomware campaign