Microsoft Microsoft Exchange Server 2016 Cumulative Update 23
55 CVEs affecting Microsoft Microsoft Exchange Server 2016 Cumulative Update 23. Latest disclosed: 2026-05-14. Critical: 2, High: 44.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-21410 | Critical | 9.8 | 2024-02-13 | Microsoft Exchange Server Elevation of Privilege Vulnerability |
CVE-2023-21709 | Critical | 9.8 | 2023-08-08 | Microsoft Exchange Server Elevation of Privilege Vulnerability |
CVE-2025-59249 | High | 8.8 | 2025-10-14 | Weak authentication in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network. |
CVE-2024-26198 | High | 8.8 | 2024-03-12 | Microsoft Exchange Server Remote Code Execution Vulnerability |
CVE-2023-38181 | High | 8.8 | 2023-08-08 | Microsoft Exchange Server Spoofing Vulnerability |
CVE-2023-38185 | High | 8.8 | 2023-08-08 | Microsoft Exchange Server Remote Code Execution Vulnerability |
CVE-2023-35368 | High | 8.8 | 2023-08-08 | Microsoft Exchange Remote Code Execution Vulnerability |
CVE-2023-32031 | High | 8.8 | 2023-06-14 | Microsoft Exchange Server Remote Code Execution Vulnerability |
CVE-2023-21529 | High | 8.8 | 2023-02-14 | Microsoft Exchange Server Remote Code Execution Vulnerability |
CVE-2023-21707 | High | 8.8 | 2023-02-14 | Microsoft Exchange Server Remote Code Execution Vulnerability |
CVE-2023-21706 | High | 8.8 | 2023-02-14 | Microsoft Exchange Server Remote Code Execution Vulnerability |
CVE-2022-41080 | High | 8.8 | 2022-11-09 | Microsoft Exchange Server Elevation of Privilege Vulnerability |
CVE-2022-41040 | High | 8.8 | 2022-10-03 | Microsoft Exchange Server Elevation of Privilege Vulnerability |
CVE-2025-53782 | High | 8.4 | 2025-10-14 | Incorrect implementation of authentication algorithm in Microsoft Exchange Server allows an unauthorized attacker to elevate privileges locally. |
CVE-2022-21978 | High | 8.2 | 2022-05-10 | Microsoft Exchange Server Elevation of Privilege Vulnerability |
CVE-2026-42897 | High | 8.1 | 2026-05-14 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform sp… |
CVE-2025-53786 | High | 8.0 | 2025-08-06 | On April 18th 2025, Microsoft announced Exchange Server Security Changes for Hybrid Deployments and accompanying non-security Hot Fix. Microsoft made these cha… |
CVE-2023-36035 | High | 8.0 | 2023-11-14 | Microsoft Exchange Server Spoofing Vulnerability |
CVE-2023-36039 | High | 8.0 | 2023-11-14 | Microsoft Exchange Server Spoofing Vulnerability |
CVE-2023-36050 | High | 8.0 | 2023-11-14 | Microsoft Exchange Server Spoofing Vulnerability |