CVE-2021-26855— Microsoft Exchange Server Remote Code Execution Vulnerability
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2021-26855
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Microsoft Exchange Server Remote Code Execution Vulnerability
Source: NVD (National Vulnerability Database)
Vulnerability Description
Microsoft Exchange Server Remote Code Execution Vulnerability
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Microsoft Exchange Server 代码问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Microsoft Exchange Server是美国微软(Microsoft)公司的一套电子邮件服务程序。它提供邮件存取、储存、转发,语音邮件,邮件过滤筛选等功能。 Microsoft Exchange Server 安全漏洞。攻击者可构造恶意HTTP请求,并通过Exchange Server进行身份验证。进而扫描内网,获取用户敏感信息。以下产品和版本受到影响:Microsoft Exchange Server 2013 Cumulative Update 23,Microsoft Exchange
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Shenlong Deep Dive — AI Deep Analysis
10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Microsoft | Microsoft Exchange Server 2016 Cumulative Update 19 | 15.01.0 ~ publication | cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_19:*:*:*:*:*:* | |
| Microsoft | Microsoft Exchange Server 2019 Cumulative Update 8 | 15.02.0 ~ publication | cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_8:*:*:*:*:*:* | |
| Microsoft | Microsoft Exchange Server 2019 | 15.02.0 ~ publication | cpe:2.3:a:microsoft:exchange_server:2019:*:*:*:*:*:*:* | |
| Microsoft | Microsoft Exchange Server 2013 Cumulative Update 22 | 15.00.0 ~ publication | cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_22:*:*:*:*:*:* | |
| Microsoft | Microsoft Exchange Server 2019 Cumulative Update 2 | 15.02.0 ~ publication | cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_2:*:*:*:*:*:* | |
| Microsoft | Microsoft Exchange Server 2016 Cumulative Update 13 | 15.01.0 ~ publication | cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_13:*:*:*:*:*:* | |
| Microsoft | Microsoft Exchange Server 2013 Cumulative Update 23 | 15.00.0 ~ publication | cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:* | |
| Microsoft | Microsoft Exchange Server 2019 Cumulative Update 3 | 15.02.0 ~ publication | cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_3:*:*:*:*:*:* | |
| Microsoft | Microsoft Exchange Server 2016 Cumulative Update 14 | 15.01.0 ~ publication | cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_14:*:*:*:*:*:* | |
| Microsoft | Microsoft Exchange Server 2019 Cumulative Update 4 | 15.02.0 ~ publication | cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_4:*:*:*:*:*:* | |
| Microsoft | Microsoft Exchange Server 2016 Cumulative Update 15 | 15.01.0 ~ publication | cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_15:*:*:*:*:*:* | |
| Microsoft | Microsoft Exchange Server 2019 Cumulative Update 5 | 15.02.0 ~ publication | cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_5:*:*:*:*:*:* | |
| Microsoft | Microsoft Exchange Server 2019 Cumulative Update 6 | 15.02.0 ~ publication | cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_6:*:*:*:*:*:* | |
| Microsoft | Microsoft Exchange Server 2016 Cumulative Update 16 | 15.01.0 ~ publication | cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_16:*:*:*:*:*:* | |
| Microsoft | Microsoft Exchange Server 2016 Cumulative Update 17 | 15.01.0 ~ publication | cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_17:*:*:*:*:*:* | |
| Microsoft | Microsoft Exchange Server 2019 Cumulative Update 7 | 15.02.0 ~ publication | cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_7:*:*:*:*:*:* | |
| Microsoft | Microsoft Exchange Server 2016 Cumulative Update 18 | 15.01.0 ~ publication | cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_18:*:*:*:*:*:* | |
| Microsoft | Microsoft Exchange Server 2013 Cumulative Update 21 | 15.00.0 ~ publication | cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_21:*:*:*:*:*:* | |
| Microsoft | Microsoft Exchange Server 2016 Cumulative Update 12 | 15.01.0 ~ publication | cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_12:*:*:*:*:*:* | |
| Microsoft | Microsoft Exchange Server 2016 Cumulative Update 8 | 15.01.0 ~ publication | cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_8:*:*:*:*:*:* | |
| Microsoft | Microsoft Exchange Server 2019 Cumulative Update 1 | 15.02.0 ~ publication | cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_1:*:*:*:*:*:* | |
| Microsoft | Microsoft Exchange Server 2016 Cumulative Update 9 | 15.01.0 ~ publication | cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_9:*:*:*:*:*:* | |
| Microsoft | Microsoft Exchange Server 2016 Cumulative Update 10 | 15.01.0 ~ publication | cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_10:*:*:*:*:*:* | |
| Microsoft | Microsoft Exchange Server 2016 Cumulative Update 11 | 15.01.0 ~ publication | cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_11:*:*:*:*:*:* |
II. Public POCs for CVE-2021-26855
| # | POC Description | Source Link | Shenlong Link |
|---|---|---|---|
| 1 | IoC determination for exploitation of CVE-2021-26855, CVE-2021-26857, CVE-2021-26858 and CVE-2021-27065. | https://github.com/sgnls/exchange-0days-202103 | POC Details |
| 2 | A PowerShell script to identify indicators of exploitation of CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-26865 | https://github.com/soteria-security/HAFNIUM-IOC | POC Details |
| 3 | Detect webshells dropped on Microsoft Exchange servers exploited through "proxylogon" group of vulnerabilites (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065) | https://github.com/cert-lv/exchange_webshell_detection | POC Details |
| 4 | Microsoft Exchange Server SSRF漏洞(CVE-2021-26855) | https://github.com/conjojo/Microsoft_Exchange_Server_SSRF_CVE-2021-26855 | POC Details |
| 5 | This script helps to identify CVE-2021-26855 ssrf Poc | https://github.com/pussycat0x/CVE-2021-26855-SSRF | POC Details |
| 6 | CVE-2021-26855 SSRF Exchange Server | https://github.com/La3B0z/CVE-2021-26855-SSRF-Exchange | POC Details |
| 7 | Module pack for #ProxyLogon (part. of my contribute for Metasploit-Framework) [CVE-2021-26855 && CVE-2021-27065] | https://github.com/mekhalleh/exchange_proxylogon | POC Details |
| 8 | POC of CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-26865, ProxyLogon poc | https://github.com/Yt1g3r/CVE-2021-26855_SSRF | POC Details |
| 9 | CVE-2021-26855 exp | https://github.com/hackerxj007/CVE-2021-26855 | POC Details |
| 10 | A fast tool to mass scan for a vulnerability on Microsoft Exchange Server that allows an attacker bypassing the authentication and impersonating as the admin (CVE-2021-26855). | https://github.com/dwisiswant0/proxylogscan | POC Details |
| 11 | This script test the CVE-2021-26855 vulnerability on Exchange Server. | https://github.com/mauricelambert/ExchangeWeaknessTest | POC Details |
| 12 | CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065 | https://github.com/DCScoder/Exchange_IOC_Hunter | POC Details |
| 13 | PoC exploit code for CVE-2021-26855 | https://github.com/srvaccount/CVE-2021-26855-PoC | POC Details |
| 14 | None | https://github.com/h4x0r-dz/CVE-2021-26855 | POC Details |
| 15 | None | https://github.com/alt3kx/CVE-2021-26855_PoC | POC Details |
| 16 | CVE-2021-26855, also known as Proxylogon, is a server-side request forgery (SSRF) vulnerability in Exchange that allows an attacker to send arbitrary HTTP requests and authenticate as the Exchange server. | https://github.com/raheel0x01/CVE-2021-26855 | POC Details |
| 17 | PoC of proxylogon chain SSRF(CVE-2021-26855) to write file by testanull, censored by github | https://github.com/hackerschoice/CVE-2021-26855 | POC Details |
| 18 | CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065 | https://github.com/SCS-Labs/HAFNIUM-Microsoft-Exchange-0day | POC Details |
| 19 | Scanner and PoC for CVE-2021-26855 | https://github.com/KotSec/CVE-2021-26855-Scanner | POC Details |
| 20 | RCE exploit for Microsoft Exchange Server (CVE-2021-26855). | https://github.com/hakivvi/proxylogon | POC Details |
| 21 | CVE-2021-26855: PoC (Not a HoneyPoC for once!) | https://github.com/ZephrFish/Exch-CVE-2021-26855 | POC Details |
| 22 | RCE exploit for ProxyLogon vulnerability in Microsoft Exchange | https://github.com/mil1200/ProxyLogon-CVE-2021-26855 | POC Details |
| 23 | CVE-2021-26855 & CVE-2021-27065 | https://github.com/evilashz/ExchangeSSRFtoRCEExploit | POC Details |
| 24 | patched to work | https://github.com/ZephrFish/Exch-CVE-2021-26855_Priv | POC Details |
| 25 | None | https://github.com/Mr-xn/CVE-2021-26855-d | POC Details |
| 26 | ProxyLogon is the formally generic name for CVE-2021-26855, a vulnerability on Microsoft Exchange Server that allows an attacker bypassing the authentication and impersonating as the admin. We have also chained this bug with another post-auth arbitrary-file-write vulnerability, CVE-2021-27065, to get code execution. | https://github.com/RickGeex/ProxyLogon | POC Details |
| 27 | Chaining CVE-2021-26855 and CVE-2021-26857 to exploit Microsoft Exchange | https://github.com/Immersive-Labs-Sec/ProxyLogon | POC Details |
| 28 | None | https://github.com/shacojx/Scan-Vuln-CVE-2021-26855 | POC Details |
| 29 | CVE-2021-26855 proxyLogon metasploit exploit script | https://github.com/TaroballzChen/ProxyLogon-CVE-2021-26855-metasploit | POC Details |
| 30 | ProxyLogon(CVE-2021-26855+CVE-2021-27065) Exchange Server RCE(SSRF->GetWebShell) | https://github.com/p0wershe11/ProxyLogon | POC Details |
| 31 | None | https://github.com/shacojx/CVE-2021-26855-exploit-Exchange | POC Details |
| 32 | Microsoft Exchange Proxylogon Exploit Chain EXP分析 | https://github.com/catmandx/CVE-2021-26855-Exchange-RCE | POC Details |
| 33 | analytics ProxyLogo Mail exchange RCE | https://github.com/hictf/CVE-2021-26855-CVE-2021-27065 | POC Details |
| 34 | Proof-of-concept exploit for CVE-2021-26855 and CVE-2021-27065. Unauthenticated RCE in Exchange. | https://github.com/praetorian-inc/proxylogon-exploit | POC Details |
| 35 | C# POC for CVE-2021-26855 aka ProxyLogon, supports the classically semi-interactive web shell as well as shellcode injection | https://github.com/Flangvik/SharpProxyLogon | POC Details |
| 36 | [ProxyLogon] CVE-2021-26855 & CVE-2021-27065 Fixed RawIdentity Bug Exploit. [ProxyOracle] CVE-2021-31195 & CVE-2021-31196 Exploit Chains. [ProxyShell] CVE-2021-34473 & CVE-2021-34523 & CVE-2021-31207 Exploit Chains. | https://github.com/hosch3n/ProxyVulns | POC Details |
| 37 | 針對近期微軟公布修補遭駭客攻擊的Exchange Server漏洞問題,台灣DEVCORE表示早在1月5日便已發現安全漏洞後,並且向微軟通報此項編號命名為「CVE-2021-26855 」,以及「CVE-2021-27065」的零日漏洞,同時也將此項漏洞稱為「ProxyLogon」。 此次揭露的「ProxyLogon」漏洞,是以無需驗證即可使用的遠端程式碼執行 (Pre-Auth Remote Code Execution;Pre-Auth RCE)零日漏洞(Zero-day exploit),可讓攻擊者得以繞過身份驗證步驟,驅使系統管理員協助執行惡意文件或執行指令,進而觸發更廣泛的攻擊。 「ProxyLogon」是微軟近期被揭露最重大的RCE漏洞之一,DEVCORE團隊遵循責任揭露 (Responsible Disclosure)原則,在發現後便第一時間立即於今年1月5日通報微軟進行修補,避免該漏洞遭有心人士利用,造成全球用戶重大損失。而微軟遂於3月2日針對相關漏洞釋出安全更新,避免用戶機敏資訊遭受惡意攻擊。個人想法:遭駭客攻擊的Exchange Server漏洞問題,台灣DEVCORE表示早在1月5日便已發現,並且向微軟通報此項編號命名為「CVE-2021-26855 」,以及「CVE-2021-27065」的零日漏洞,同時也將此項漏洞稱為「ProxyLogon」。 此次揭露的「ProxyLogon」漏洞,是以無需驗證即可使用的遠端程式碼執行 (Pre-Auth Remote Code Execution;Pre-Auth RCE)零日漏洞(Zero-day exploit),可讓攻擊者得以繞過身份驗證步驟,驅使系統管理員協助執行惡意文件或執行指令,進而觸發更廣泛的攻擊。 「ProxyLogon」是微軟近期被揭露最重大的RCE漏洞之一,DEVCORE團隊遵循責任揭露 (Responsible Disclosure)原則,在發現後便第一時間立即於今年1月5日通報微軟進行修補,避免該漏洞遭有心人士利用,造成全球用戶重大損失。而微軟遂於3月2日針對相關漏洞釋出安全更新,避免用戶機敏資訊遭受惡意攻擊。個人想法:微軟是大眾常用的軟體之一,駭客只要察覺漏洞就會進行惡意的攻擊,微軟公布4個Exchange Server的安全漏洞後,就遭受駭客的惡意攻擊,這件事的發生,微軟需更加小心並提高資安的防護。 | https://github.com/Nick-Yin12/106362522 | POC Details |
| 38 | C# POC for CVE-2021-26855 aka ProxyLogon, supports the classically semi-interactive web shell as well as shellcode in… | https://github.com/yaoxiaoangry3/Flangvik | POC Details |
| 39 | Microsoft Exchange ProxyLogon PoC (CVE-2021-26855) | https://github.com/thau0x01/poc_proxylogon | POC Details |
| 40 | C# POC for CVE-2021-26855 aka ProxyLogon, supports the classically semi-interactive web shell as well as shellcode in… | https://github.com/1342486672/Flangvik | POC Details |
| 41 | CVE-2021-26855 | https://github.com/TheDudeD6/ExchangeSmash | POC Details |
| 42 | ProxyLogon (CVE-2021-26855+CVE-2021-27065) Exchange Server RCE (SSRF->GetWebShell) | https://github.com/kh4sh3i/ProxyLogon | POC Details |
| 43 | Tool to search for IOCs related to HAFNIUM: CVE-2021-26855 CVE-2021-26857 CVE-2021-26858 CVE-2021-27065 | https://github.com/byinarie/Zirconium | POC Details |
| 44 | Microsoft Exchange CVE-2021-26855&CVE-2021-27065 | https://github.com/ssrsec/Microsoft-Exchange-RCE | POC Details |
| 45 | None | https://github.com/iceberg-N/cve-2021-26855 | POC Details |
| 46 | Clone from gist | https://github.com/timb-machine-mirrors/testanull-CVE-2021-26855_read_poc.txt | POC Details |
| 47 | None | https://github.com/MacAsure/cve-2021-26855 | POC Details |
| 48 | None | https://github.com/glen-pearson/ProxyLogon-CVE-2021-26855 | POC Details |
| 49 | CVE-2021-26855, also known as Proxylogon, is a server-side request forgery (SSRF) vulnerability in Exchange that allows an attacker to send arbitrary HTTP requests and authenticate as the Exchange server. | https://github.com/r0xdeadbeef/CVE-2021-26855 | POC Details |
| 50 | None | https://github.com/ShyTangerine/cve-2021-26855 | POC Details |
| 51 | This vulnerability is part of an attack chain that could allow remote code execution on Microsoft Exchange Server. The initial attack requires the ability to make an untrusted connection to Exchange server port 443. Other portions of the chain can be triggered if an attacker already has access or can convince an administrator to open a malicious file. Be aware his CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065, and CVE-2021-27078. | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-26855.yaml | POC Details |
| 52 | CVE-2021-26855, also known as Proxylogon, is a server-side request forgery (SSRF) vulnerability in Exchange that allows an attacker to send arbitrary HTTP requests and authenticate as the Exchange server. | https://github.com/r0xDB/CVE-2021-26855 | POC Details |
| 53 | CVE-2021-26855, also known as Proxylogon, is a server-side request forgery (SSRF) vulnerability in Exchange that allows an attacker to send arbitrary HTTP requests and authenticate as the Exchange server. | https://github.com/R0XDEADBEEF/CVE-2021-26855 | POC Details |
| 54 | None | https://github.com/Wercd/CVE-2021-26855 | POC Details |
| 55 | None | https://github.com/antichown/Scan-Vuln-CVE-2021-26855 | POC Details |
| 56 | None | https://github.com/haotiku/CVE-2021-26855-exploit-Exchange | POC Details |
| 57 | An advanced exploit for Microsoft Exchange Server (CVE-2021-26855, CVE-2021-27065) enhanced with Convergent Time Theory principles, achieving near-perfect theoretical rating through quantum temporal resonance and α-dispersion techniques. | https://github.com/SimoesCTT/CTT-ProxyLogon-RCE-v1.0---Convergent-Time-Theory-Enhanced-Microsoft-Exchange-Exploit | POC Details |
| 58 | CTT-enhanced version of the Microsoft Exchange Server SSRF to RCE exploit (ProxyShell/ProxyLogon), another CVSS 10.0 critical vulnerability that affected hundreds of thousands of organizations worldwide. | https://github.com/SimoesCTT/CTT-Exchange-RCE-v1.0---Microsoft-Exchange-Exploit-CVSS-10.0-CRITICAL-CVE-2021-26855-CVE-2021-27065 | POC Details |
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2021-26855
请登录查看更多情报信息。
Same Patch Batch · Microsoft · 2021-03-02 · 7 CVEs total
| CVE-2021-27078 | 9.1 CRITICAL | Microsoft Exchange Server Remote Code Execution Vulnerability |
| CVE-2021-26412 | 9.1 CRITICAL | Microsoft Exchange Server Remote Code Execution Vulnerability |
| CVE-2021-27065 | 7.8 HIGH | Microsoft Exchange Server Remote Code Execution Vulnerability |
| CVE-2021-26858 | 7.8 HIGH | Microsoft Exchange Server Remote Code Execution Vulnerability |
| CVE-2021-26857 | 7.8 HIGH | Microsoft Exchange Server Remote Code Execution Vulnerability |
| CVE-2021-26854 | 6.6 MEDIUM | Microsoft Exchange Server Remote Code Execution Vulnerability |
IV. Related Vulnerabilities
Same product: Microsoft Exchange Server 2016 Cumulative Update 19
Same vendor: Microsoft
- CVE-2026-42826
Azure DevOps Information Disclosure Vulnerability - CVE-2026-35428
Azure Cloud Shell Spoofing Vulnerability - CVE-2026-35435
Azure AI Foundry Elevation of Privilege Vulnerability - CVE-2026-34327
Microsoft Partner Center Spoofing Vulnerability - CVE-2026-33844
Azure Managed Instance for Apache Cassandra Remote Code Exec
V. Comments for CVE-2021-26855
No comments yet