High severity · 8.1 · CISA KEV · NVD Advisory · Published May 14, 2026 · Updated Jun 15, 2026
CVE-2026-42897
Description
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.
References (2)
- msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42897 (nvd · Mitigation, Vendor Advisory)
- www.cisa.gov/known-exploited-vulnerabilities-catalog (nvd · US Government Resource)
News mentions (17)
- Breach Roundup: CISA Says Agencies Should 'Patch Smarter' (GovInfoSecurity · Jun 12, 2026)
- Microsoft Patches Exploited Exchange Server Vulnerability (SecurityWeek · Jun 11, 2026)
- Microsoft patches Exchange Server zero-day exploited in attacks (BleepingComputer · Jun 10, 2026)
- Record Microsoft Patch Tuesday, fresh zero-day (Help Net Security · Jun 10, 2026)
- Microsoft June 2026 Patch Tuesday fixes 6 zero-days, 200 flaws (BleepingComputer · Jun 9, 2026)
- June 2026 Patch Tuesday forecast: Where are the CVEs? (Help Net Security · Jun 5, 2026)
- Microsoft Warns of Two Actively Exploited Defender Vulnerabilities (The Hacker News · May 21, 2026)
- Microsoft Exchange Zero-Day Under Attack, No Patch Available (Dark Reading · May 18, 2026)
- ⚡ Weekly Recap: Exchange 0-Day, npm Worm, Fake AI Repo, Cisco Exploit and More (The Hacker News · May 18, 2026)
- Week in review: Cisco patches SD-WAN 0-day, unpatched Microsoft Exchange Server flaw exploited (Help Net Security · May 17, 2026)
- Microsoft Reports Severe Zero-Day Flaw in On-Prem Exchange Servers (Infosecurity Magazine · May 15, 2026)
- Microsoft Warns of Exchange Server Zero-Day Exploited in the Wild (SecurityWeek · May 15, 2026)
- Unpatched Microsoft Exchange Server vulnerability exploited (CVE-2026-42897) (Help Net Security · May 15, 2026)
- Microsoft warns of Exchange zero-day flaw exploited in attacks (BleepingComputer · May 15, 2026)
- On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email (The Hacker News · May 15, 2026)
- Microsoft CVE-2026-42897 Added to CISA KEV Under Active Exploitation (Vypr Intelligence · May 14, 2026)
- CISA Adds One Known Exploited Vulnerability to Catalog (CISA Alerts)