A zero-day vulnerability in Microsoft Exchange Server, tracked as CVE-2026-42897, is being actively exploited by attackers, prompting the company to issue temporary mitigations. The vulnerability affects various Exchange Server versions, and Microsoft is working on a permanent patch. In the meantime, administrators are advised to apply the provided mitigations to reduce the risk of exploitation. The exploitation status of CVE-2026-42897 is currently being discussed by Microsoft, which will determine whether this is a patch-now or monitor situation1. Technical details of the vulnerability are limited, but its active exploitation in the wild underscores the need for prompt action. The fact that a zero-day exploit is being used against Exchange Server highlights the ongoing threats faced by organizations relying on this software, so a proactive approach to patching and mitigation is crucial to prevent potential security breaches.