CVE-2026-42897: Microsoft confirms active exploitation of Exchange Server zero-day
Publish Date: 2026-05-15 10:06:00
Source Domain: securityaffairs.com
Pierluigi Paganini
May 15, 2026

Microsoft warned that attackers are exploiting a new Exchange Server zero-day vulnerability, tracked as CVE-2026-42897, in the wild.
Microsoft warned that threat actors are actively exploiting a new Exchange Server zero-day vulnerability tracked as CVE-2026-42897 (CVSS score 8.1).
The vulnerability is an improper neutralization of input during web page generation (‘cross-site scripting’) in Microsoft Exchange Server. An attacker can exploit the flaw to perform spoofing over a network.
“Improper neutralization of input during web page generation (‘cross-site scripting’) in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network,” reads the advisory.
Microsoft warned that the Exchange Server zero-day affects Outlook Web Access (OWA). Attackers can exploit the flaw by sending a specially crafted email that executes malicious JavaScript when opened in Outlook Web Access under certain conditions.
Microsoft confirmed it had detected active exploitation of CVE-2026-42897 in the wild; however, it has not disclosed details about any attacks exploiting the issue.
Until a permanent security update becomes available, Microsoft has released temporary mitigation measures and urged administrators to apply them immediately to reduce exposure to attacks.
The flaw surfaced just two days after Microsoft’s May 2026 Patch Tuesday updates, which patched 138 vulnerabilities.
Exchange Server zero-days are dangerous because they sit at the center of corporate email, one of the most sensitive and widely used systems in any organization.
By exploiting Microsoft Exchange Server flaws, attackers often gain a direct path into internal communications, credentials, and business workflows.
A key reason they’re high risk is…