CVE-2021-26855
Unscored · EPSS 100.0% · CISA KEV · CWE-918 · Server-Side Request Forgery (SSRF)
Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain.
Community ground truth
Community verdict
2 verdicts · Not a real issue
Includes TruePositive's curated baseline from public sources — community verdicts accrue on top.
Community real-world severity: Critical (Critical 2)
Field notes & remediation
Verdicts are the quick signal — notes are the evidence and fixes behind them.
- SSRF that anchors the ProxyLogon chain → unauth RCE on on-prem Exchange. HAFNIUM and then everyone else dropped webshells en masse. If you were exposed in early 2021, assume compromise and hunt.
- Apply the Exchange security updates; if you were unpatched during the mass-exploitation window, do IR — look for aspx webshells in OAB/ECP paths.