🔥 This vulnerability is being actively exploited in the wild (CISA Known Exploited Vulnerabilities catalog)
CVE-2023-21529: Microsoft Exchange Server Deserialization of Untrusted Data Vulnerability
Summary
Microsoft Exchange Server has a deserialization vulnerability (a flaw where the software unsafely processes data from untrusted sources, allowing an attacker to run malicious code) that lets an authenticated attacker (someone with login access) achieve remote code execution (run commands on the server from afar). This vulnerability is currently being actively exploited by real attackers.
Solution / Mitigation
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Due date: 2026-04-27.
Vulnerability Details
EPSS: 36.7%
Yes
🔥 Actively Exploited
April 12, 2026
Classification
Original source: https://nvd.nist.gov/vuln/detail/CVE-2023-21529
First tracked: April 13, 2026 at 02:00 PM
Classified by LLM (prompt v3) · confidence: 95%