CVE-2023-21529βMicrosoft Exchange Server Deserialization of Untrusted Data Vulnerability
PUBLISHEDvulnerability record
2026-04-13 Β· last modified April 21, 2026
Metadata
Vulnerability Name
Microsoft Exchange Server Deserialization of Untrusted Data Vulnerability
Description
Microsoft Exchange Server contains a deserialization of untrusted data that allows an authenticated attacker to achieve remote code execution.
Known To Be Used in Ransomware Campaigns?
Action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.