VulnHub

Real-time Cybersecurity News

On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email

The Hacker News
Actively Exploited
3 Sources
Reporting on this topic
The Hacker NewsHelp Net SecuritySecurity Affairs
CVEMicrosoftVulnerability

Overview

Microsoft has announced a serious security vulnerability affecting on-premise versions of Exchange Server, identified as CVE-2026-42897. This issue, which has a CVSS score of 8.1, is classified as a spoofing vulnerability that arises from a cross-site scripting flaw. The vulnerability has been confirmed to be actively exploited by attackers, which raises significant concerns for organizations still using on-premise Exchange Servers. An anonymous researcher discovered and reported the issue, signaling the need for prompt attention from IT security teams. Organizations must take immediate action to protect their systems and data from potential exploitation.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: On-premise versions of Microsoft Exchange Server
  • Action Required: Organizations should apply available patches for Exchange Server as soon as they are released.
  • Timeline: Newly disclosed

Original Article Summary

Microsoft has disclosed a new security vulnerability impacting on-premise versions of Exchange Server that it said has come under active exploitation in the wild. The vulnerability, tracked as CVE-2026-42897 (CVSS score: 8.1), has been described as a spoofing bug stemming from a cross-site scripting flaw. An anonymous researcher has been credited with discovering and reporting the issue. "

Impact

On-premise versions of Microsoft Exchange Server

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Newly disclosed

Remediation

Organizations should apply available patches for Exchange Server as soon as they are released. Regularly updating software and implementing security best practices can help mitigate the risk associated with this vulnerability. Users should also be cautious about email content and links to prevent exploitation via crafted emails.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to CVE, Microsoft, Vulnerability.

Multiple Sources: This threat is being reported by 3 different security sources, indicating significant concern within the cybersecurity community.

Read Original Article

Related Coverage

CVE-2026-42897: Microsoft confirms active exploitation of Exchange Server zero-day

Security Affairs

Microsoft has confirmed that a new zero-day vulnerability in Exchange Server, identified as CVE-2026-42897, is being actively exploited by attackers. This vulnerability has a CVSS score of 8.1, indicating a high level of severity. It stems from improper handling of user input during web page generation, which can lead to cross-site scripting (XSS) attacks. Organizations using affected versions of Exchange Server are at risk, as attackers could exploit this flaw to execute malicious scripts in the context of users' browsers. Microsoft urges users to take immediate action to protect their systems and data from potential breaches.

May 15, 2026

Unpatched Microsoft Exchange Server vulnerability exploited (CVE-2026-42897)

Help Net Security

Microsoft has issued a warning about a serious cross-site scripting (XSS) vulnerability, identified as CVE-2026-42897, affecting on-premises versions of Microsoft Exchange Server. This vulnerability allows unauthorized attackers to spoof users over a network, posing significant risks to organizations that have not yet applied any fixes. The affected versions include Microsoft Exchange Server Subscription Edition RTM, 2019, and 2016, while Exchange Online remains unaffected. Microsoft is currently working on a permanent fix, but until it is released, they have provided temporary mitigations for users to implement. Organizations using the affected versions should take immediate action to safeguard their systems from potential exploitation.

May 15, 2026