VYPR
High severity8.1CISA KEVNVD Advisory· Published May 14, 2026· Updated Jun 15, 2026

CVE-2026-42897

CVE-2026-42897

Description

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

1

Patches

Vulnerability mechanics

References

2

News mentions

17