On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email

thehackernews.com·May 15, 2026

Microsoft has revealed a critical security vulnerability (CVE-2026-42897) in on-premise Exchange Server versions, which is being actively exploited and is classified as a spoofing bug due to a cross-site scripting flaw, with a CVSS score of 8.1. The issue was reported by an anonymous researcher.

For a professional focused on cybersecurity, the key actionable takeaway is the urgent need to address the newly disclosed CVE-2026-42897 vulnerability in on-premise Exchange Servers, as it is actively exploited and has a high severity score of 8.1. Immediate steps should include patching affected systems, updating security protocols, and closely monitoring for any signs of exploitation to mitigate potential data breaches or security incidents.

Want more content like this?

twixb tracks your favorite blogs and social media, filters by keywords, and delivers personalized key learnings — straight to your inbox.

Create Your Own →Explore Newsfeeds

More from Cybersecurity News

Recent stories curated alongside this one.

Browse all Cybersecurity News →

On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email

Want more content like this?

More from Cybersecurity News

Microsoft shares mitigation for YellowKey Windows zero-day

Risky Business #838 -- GitHub investigates possible breach

Risky Bulletin: Microsoft takes down crime SaaS used by ransomware gangs

Verizon DBIR 2026: Vulnerability Exploitation Overtakes Credential Theft as Top Breach Vector

Max-severity flaw in ChromaDB for AI apps allows server hijacking