{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-21527", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "state": "PUBLISHED", "assignerShortName": "microsoft", "dateReserved": "2025-12-30T18:10:54.846Z", "datePublished": "2026-02-10T17:51:30.280Z", "dateUpdated": "2026-05-11T21:25:31.614Z"}, "containers": {"cna": {"title": "Microsoft Exchange Server Spoofing Vulnerability", "datePublic": "2026-02-10T16:00:00.000Z", "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:exchange_server_se:*:RTM:*:*:*:*:*:*", "versionStartIncluding": "15.02.0.0", "versionEndExcluding": "15.02.2562.037"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:exchange_server_2016:*:cumulative_update_23:*:*:*:*:*:*", "versionStartIncluding": "15.01.0.0", "versionEndExcluding": "15.01.2507.066"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:exchange_server_2019:*:cumulative_update_15:*:*:*:*:*:*", "versionStartIncluding": "15.02.0.0", "versionEndExcluding": "15.02.1748.043"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:exchange_server_2019:*:cumulative_update_14:*:*:*:*:*:*", "versionStartIncluding": "15.02.0.0", "versionEndExcluding": "15.02.1544.039"}]}]}], "affected": [{"vendor": "Microsoft", "product": "Microsoft Exchange Server 2016 Cumulative Update 23", "platforms": ["x64-based Systems"], "versions": [{"version": "15.01.0.0", "lessThan": "15.01.2507.066", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft Exchange Server 2019 Cumulative Update 14", "platforms": ["x64-based Systems"], "versions": [{"version": "15.02.0.0", "lessThan": "15.02.1544.039", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft Exchange Server 2019 Cumulative Update 15", "platforms": ["x64-based Systems"], "versions": [{"version": "15.02.0.0", "lessThan": "15.02.1748.043", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft Exchange Server Subscription Edition RTM", "platforms": ["x64-based Systems"], "versions": [{"version": "15.02.0.0", "lessThan": "15.02.2562.037", "versionType": "custom", "status": "affected"}]}], "descriptions": [{"value": "User interface (ui) misrepresentation of critical information in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.", "lang": "en-US"}], "problemTypes": [{"descriptions": [{"description": "CWE-451: User Interface (UI) Misrepresentation of Critical Information", "lang": "en-US", "type": "CWE", "cweId": "CWE-451"}, {"description": "CWE-345: Insufficient Verification of Data Authenticity", "lang": "en-US", "type": "CWE", "cweId": "CWE-345"}, {"description": "CWE-1286: Improper Validation of Syntactic Correctness of Input", "lang": "en-US", "type": "CWE", "cweId": "CWE-1286"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2026-05-11T21:25:31.614Z"}, "references": [{"name": "Microsoft Exchange Server Spoofing Vulnerability", "tags": ["vendor-advisory", "patch"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21527"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseSeverity": "MEDIUM", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C"}}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-11T15:32:37.141565Z", "id": "CVE-2026-21527", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-11T15:33:25.661Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-21527", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-11T15:32:37.141565Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-11T15:33:21.425Z"}}], "cna": {"title": "Microsoft Exchange Server Spoofing Vulnerability", "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}], "affected": [{"vendor": "Microsoft", "product": "Microsoft Exchange Server 2016 Cumulative Update 23", "versions": [{"status": "affected", "version": "15.01.0.0", "lessThan": "15.01.2507.066", "versionType": "custom"}], "platforms": ["x64-based Systems"]}, {"vendor": "Microsoft", "product": "Microsoft Exchange Server 2019 Cumulative Update 14", "versions": [{"status": "affected", "version": "15.02.0.0", "lessThan": "15.02.1544.039", "versionType": "custom"}], "platforms": ["x64-based Systems"]}, {"vendor": "Microsoft", "product": "Microsoft Exchange Server 2019 Cumulative Update 15", "versions": [{"status": "affected", "version": "15.02.0.0", "lessThan": "15.02.1748.043", "versionType": "custom"}], "platforms": ["x64-based Systems"]}, {"vendor": "Microsoft", "product": "Microsoft Exchange Server Subscription Edition RTM", "versions": [{"status": "affected", "version": "15.02.0.0", "lessThan": "15.02.2562.037", "versionType": "custom"}], "platforms": ["x64-based Systems"]}], "datePublic": "2026-02-10T16:00:00.000Z", "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21527", "name": "Microsoft Exchange Server Spoofing Vulnerability", "tags": ["vendor-advisory", "patch"]}], "descriptions": [{"lang": "en-US", "value": "User interface (ui) misrepresentation of critical information in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network."}], "problemTypes": [{"descriptions": [{"lang": "en-US", "type": "CWE", "cweId": "CWE-451", "description": "CWE-451: User Interface (UI) Misrepresentation of Critical Information"}, {"lang": "en-US", "type": "CWE", "cweId": "CWE-345", "description": "CWE-345: Insufficient Verification of Data Authenticity"}, {"lang": "en-US", "type": "CWE", "cweId": "CWE-1286", "description": "CWE-1286: Improper Validation of Syntactic Correctness of Input"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:exchange_server_se:*:RTM:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "15.02.2562.037", "versionStartIncluding": "15.02.0.0"}, {"criteria": "cpe:2.3:a:microsoft:exchange_server_2016:*:cumulative_update_23:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "15.01.2507.066", "versionStartIncluding": "15.01.0.0"}, {"criteria": "cpe:2.3:a:microsoft:exchange_server_2019:*:cumulative_update_15:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "15.02.1748.043", "versionStartIncluding": "15.02.0.0"}, {"criteria": "cpe:2.3:a:microsoft:exchange_server_2019:*:cumulative_update_14:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "15.02.1544.039", "versionStartIncluding": "15.02.0.0"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2026-05-11T18:10:09.884Z"}}}, "cveMetadata": {"cveId": "CVE-2026-21527", "state": "PUBLISHED", "dateUpdated": "2026-05-11T18:10:09.884Z", "dateReserved": "2025-12-30T18:10:54.846Z", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "datePublished": "2026-02-10T17:51:30.280Z", "assignerShortName": "microsoft"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:exchange_server:*:*:*:*:subscription:*:*:*", "matchCriteriaId": "54BA4F30-C932-4BBE-A8D6-456CDE767157", "versionEndExcluding": "15.02.2562.037", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_23:*:*:*:*:*:*", "matchCriteriaId": "FF76AEDA-E574-40ED-B64F-8FDEF8CAC802", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_14:*:*:*:*:*:*", "matchCriteriaId": "8C98993B-82A5-48CC-947F-896CEA0CDB7F", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_15:*:*:*:*:*:*", "matchCriteriaId": "7166BCE0-1D55-46B2-96B9-250AB4BB6291", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "User interface (ui) misrepresentation of critical information in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network."}], "id": "CVE-2026-21527", "lastModified": "2026-02-11T21:41:55.400", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "secure@microsoft.com", "type": "Primary"}]}, "published": "2026-02-10T18:16:35.093", "references": [{"source": "secure@microsoft.com", "tags": ["Vendor Advisory"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21527"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-345"}, {"lang": "en", "value": "CWE-451"}, {"lang": "en", "value": "CWE-1286"}], "source": "secure@microsoft.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,*]"}}], "product": "exchange_server_2016", "vendor": "microsoft"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,*]"}}], "product": "exchange_server_2019", "vendor": "microsoft"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,*]"}}], "product": "exchange_server_se", "vendor": "microsoft"}, {"configurations": [{"platform": ["x64-based_systems"], "status": "affected", "versions": {"scheme": "generic", "value": "[15.01.0.0,15.01.2507.066)"}}], "product": "microsoft_exchange_server_2016_cumulative_update_23", "vendor": "microsoft"}, {"configurations": [{"platform": ["x64-based_systems"], "status": "affected", "versions": {"scheme": "generic", "value": "[15.02.0.0,15.02.1544.039)"}}], "product": "microsoft_exchange_server_2019_cumulative_update_14", "vendor": "microsoft"}, {"configurations": [{"platform": ["x64-based_systems"], "status": "affected", "versions": {"scheme": "generic", "value": "[15.02.0.0,15.02.1748.043)"}}], "product": "microsoft_exchange_server_2019_cumulative_update_15", "vendor": "microsoft"}, {"configurations": [{"platform": ["x64-based_systems"], "status": "affected", "versions": {"scheme": "generic", "value": "[15.02.0.0,15.02.2562.037)"}}], "product": "microsoft_exchange_server_subscription_edition_rtm", "vendor": "microsoft"}], "analysis": {"en": {"generated_at": "2026-04-15T16:29:35.899621+00:00", "value": {"mitigation_remediation": ["Implement the latest Microsoft Exchange Server security updates\u2014namely Cumulative Update\u00a023 for Exchange\u00a02016, Cumulative Update\u00a014 and 15 for Exchange\u00a02019, or the Subscription Edition RTM update\u2014directly from the Microsoft Security Response Center.", "After applying the update, confirm that the Exchange web interface correctly displays all security and configuration information, ensuring that spoofed notices or links cannot be displayed to users.", "For additional protection, restrict direct external access to Exchange servers using firewall rules or a reverse proxy, and enforce TLS for all client connections to mitigate the risk of man\u2011in\u2011the\u2011middle spoofing attempts."], "summary": {"action": "Apply patch", "impact": "Spoofing via UI misrepresentation in Microsoft Exchange Server"}, "threat_synthesis": {"affected_systems": "Affected Microsoft Exchange Server products include the 2016 Cumulative Update 23, and the 2019 Cumulative Update 14 and 15, as well as the Subscription Edition Release To Manufacturing (RTM) version. These updates cover versioned releases of Exchange Server 2016 and 2019, making the vulnerability relevant to environments running any of those cumulative updates or the base subscription edition.", "description_and_impact": "The vulnerability is a user interface misrepresentation that enables an adversary to spoof critical information displayed to users over the network. This flaw allows an unauthorized attacker to impersonate legitimate communications or services, potentially misleading users into revealing credentials or executing actions they otherwise would not. The weakness is categorized as CWE\u20111286 (inconsistent interface semantics) alongside CWE\u2011345 (boundary checking errors) and CWE\u2011451 (information exposure). The impact is primarily the compromise of data integrity and user trust, which may lead to credential theft or manipulation of mail flows.", "risk_and_exploitability": "The CVSS score of 6.5 indicates a medium severity, but the EPSS score of less than 1% suggests the likelihood of exploitation is currently very low. The flaw is not listed in the CISA KEV catalog, implying no known large\u2011scale exploitation at present. However, the attack vector is inferred to be network\u2011based, leveraging normal traffic to the Exchange Server\u2019s web interface without requiring elevated privileges. As the flaw resides in the client\u2011side UI, any user with access to the affected Exchange web portal could be deceived by the attacker."}}}}, "created": "2026-02-12T12:22:59.002819+00:00", "updated": "2026-04-15T17:45:10.822379+00:00", "vendors": ["microsoft", "microsoft$PRODUCT$exchange_server_2016", "microsoft$PRODUCT$exchange_server_2019", "microsoft$PRODUCT$exchange_server_se", "microsoft$PRODUCT$microsoft_exchange_server_2016_cumulative_update_23", "microsoft$PRODUCT$microsoft_exchange_server_2019_cumulative_update_14", "microsoft$PRODUCT$microsoft_exchange_server_2019_cumulative_update_15", "microsoft$PRODUCT$microsoft_exchange_server_subscription_edition_rtm"]}