VYPR
Medium severity6.5NVD Advisory· Published Feb 10, 2026· Updated Jun 15, 2026

CVE-2026-21527

CVE-2026-21527

Description

User interface (ui) misrepresentation of critical information in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

Affected products

5
  • Microsoft/Exchange Serverllm-fuzzy2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: 15.02.0.0
  • Microsoft/Microsoft Exchange Server 2016 Cumulative Update 23v5
    Range: 15.01.0.0
  • Microsoft/Microsoft Exchange Server 2019 Cumulative Update 14v5
    Range: 15.02.0.0
  • Microsoft/Microsoft Exchange Server 2019 Cumulative Update 15v5
    Range: 15.02.0.0

Patches

Vulnerability mechanics

References

1

News mentions

1