CVE-2026-42897: Microsoft Exchange Server (On-Premises)

What is CVE-2026-42897?

Microsoft Exchange Server contains a cross-site scripting vulnerability during web page generation in Outlook Web Access and when certain interaction conditions are met, arbitrary JavaScript can be executed in the browser context.

CVSS8.1 NVD 3.1

SeverityHIGH

Exploitation In the wild In CISA KEV

Triage statusActive Exploit

ActionPatch immediately

CVSS vectorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

CISA Known Exploited Vulnerability

Microsoft Exchange Server Cross-Site Scripting Vulnerability

Added to KEV2026-05-15

Federal patch deadline2026-05-29

Known ransomware useUnknown

Affected product

Microsoft Exchange Server (On-Premises)

Remediation Steps

Apply Microsoft security update for Exchange Server immediately from Microsoft Update portal
Review email security logs for suspicious crafted emails containing XSS payloads dated back 30 days
Implement enhanced email filtering rules blocking suspicious script content in message headers
Conduct forensic analysis of user accounts targeted by spoofing attacks
Enable advanced threat protection features in Exchange Organization configuration

References

Coverage on defend.network

Vulnerability Priority Report – Week 3 of May 2026 (May 18 – 24)
Microsoft Exchange zero-day in active use; npm worm clones spread after source leak (2026-05-19)
Zero-days exploited: NGINX, MS Exchange, Cisco SD-WAN; TanStack hit (2026-05-18)
Critical RCEs exploited: Cisco SD-WAN, Exchange, Funnel Builder (2026-05-17)
MS Exchange zero-day exploited; npm hits OpenAI; Turla evolves Kazuar (2026-05-16)

🤖 This CVE page is generated by defend.network from NVD, CISA KEV, EPSS, and our verified daily briefings. Severity and exploitation data come from official sources; always verify remediation steps against the official vendor advisory before acting in production.