A newly discovered zero-day vulnerability in Microsoft Exchange Server, tracked as CVE-2026-42897, is being actively exploited by attackers. It carries a CVSS score of 8.1, indicating high severity. The flaw is a cross-site scripting (XSS) weakness that an attacker can use to perform spoofing over a network, with significant consequences for affected organizations. It stems from improper neutralization of input during web page generation, making it a critical issue that requires immediate attention. Microsoft has confirmed active exploitation of this vulnerability, underscoring the need for prompt action to mitigate its impact [1]. Because CVE-2026-42897 is being exploited in the wild, practitioners should prioritize patching or monitoring their Exchange Server systems to prevent potential breaches; the exploitation status of the vulnerability is what determines the necessary course of action.
CVE-2026-42897: Microsoft confirms active exploitation of Exchange Server zero-day
⚠️ Critical Alert
Why This Matters
CVE-2026-42897 is under active discussion involving Microsoft; its exploitation status determines whether this is a patch-now or a monitor situation.
References
- SecurityAffairs. (2026, May 15). CVE-2026-42897: Microsoft confirms active exploitation of Exchange Server zero-day. SecurityAffairs. https://securityaffairs.com/192204/security/cve-2026-42897-microsoft-confirms-active-exploitation-of-exchange-server-zero-day.html
Original Source
SecurityAffairs