CVE-2026-42897: Microsoft confirms active exploitation of Exchange Server zero-day
Overview
Microsoft has confirmed that a new zero-day vulnerability in Exchange Server, identified as CVE-2026-42897, is being actively exploited by attackers. This vulnerability has a CVSS score of 8.1, indicating a high level of severity. It stems from improper handling of user input during web page generation, which can lead to cross-site scripting (XSS) attacks. Organizations using affected versions of Exchange Server are at risk, as attackers could exploit this flaw to execute malicious scripts in the context of users' browsers. Microsoft urges users to take immediate action to protect their systems and data from potential breaches.
Key Takeaways
- Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
- Affected Systems: Microsoft Exchange Server (specific versions not detailed)
- Action Required: Microsoft recommends that users apply available security updates to their Exchange Server installations.
- Timeline: Newly disclosed
Original Article Summary
Microsoft warned that threat actors are actively exploiting a new Exchange Server zero-day vulnerability tracked as CVE-2026-42897 (CVSS score 8.1). The vulnerability is an improper neutralization of input during web page generation (‘cross-site scripting’) in Microsoft Exchange […]
Impact
Microsoft Exchange Server (specific versions not detailed)
Exploitation Status
This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.
Timeline
Newly disclosed
Remediation
Microsoft recommends that users apply available security updates to their Exchange Server installations. Regularly updating systems and monitoring for unusual activity are also advised as general best practices.
Additional Information
This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.
Multiple Sources: This threat is being reported by 3 different security sources, indicating significant concern within the cybersecurity community.