Active Exploitation of Microsoft Exchange Server Vulnerability CVE-2026-42897 Reported

Microsoft has disclosed a recently discovered security vulnerability in on-premises versions of Exchange Server that is being actively exploited through crafted emails. The flaw, identified as CVE-2026-42897, is a spoofing vulnerability stemming from cross-site scripting and carries a CVSS severity score of 8.1.
What happened
Microsoft announced a new security issue impacting on-premises installations of Exchange Server. The vulnerability has been assigned a CVSS score of 8.1, indicating high severity. Notably, the flaw involves a spoofing condition caused by a cross-site scripting (XSS) bug and has been observed being exploited in the wild, meaning attackers have already used it in real-world attacks. The discovery and report of this vulnerability were credited to an anonymous security researcher.
Why it matters
On-premises Microsoft Exchange Server is widely used in enterprise environments to manage email communications. A vulnerability that enables spoofing through cross-site scripting could allow attackers to impersonate trusted entities, potentially facilitating phishing attacks, social engineering, or further exploitation within intranet environments. The active exploitation status increases urgency for organizations to address this risk promptly to avoid compromise.
What security teams should do
Security teams managing on-premises Exchange Server deployments should prioritize reviewing Microsoft's guidance and applying any available security patches or mitigations for CVE-2026-42897. They should also monitor email traffic and system logs for suspicious activity related to spoofed messages or for abnormal behavior consistent with XSS exploitation, and coordinate with their incident response resources to contain any potential breach arising from this vulnerability.
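As an added illustration of the mail monitoring recommended above (not code from the article or from Microsoft): a small Python triage helper that parses a message and flags HTML parts carrying active content. Because the exact payload for CVE-2026-42897 has not been published, the patterns are generic XSS indicators and an assumption-based first pass, not a signature for the flaw; the sample message is constructed.

```python
import re
from email import message_from_string
from email.message import Message

# Generic indicators of active HTML content that a legitimate mail body should
# not carry. Assumption: these are not a signature for CVE-2026-42897, whose
# exact payload has not been disclosed; they are a first-pass triage heuristic.
ACTIVE_CONTENT = {
    "script_tag": re.compile(r"<\s*script\b", re.I),
    "event_handler": re.compile(r"\bon[a-z]+\s*=", re.I),
    "javascript_uri": re.compile(r"javascript\s*:", re.I),
    "embedded_frame": re.compile(r"<\s*(iframe|object|embed)\b", re.I),
}

def html_parts(msg: Message):
    """Yield the decoded text of every text/html part, nested multiparts included."""
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            payload = part.get_payload(decode=True) or b""
            charset = part.get_content_charset() or "utf-8"
            yield payload.decode(charset, errors="replace")

def scan_message(raw: str) -> dict:
    """Return the active-content indicators found plus headers useful for triage."""
    msg = message_from_string(raw)
    hits = set()
    for body in html_parts(msg):
        for name, pattern in ACTIVE_CONTENT.items():
            if pattern.search(body):
                hits.add(name)
    return {
        "message_id": msg.get("Message-ID", ""),
        "from": msg.get("From", ""),
        "reply_to": msg.get("Reply-To", ""),
        "indicators": sorted(hits),
        "suspicious": bool(hits),
    }

# Constructed sample: an HTML mail with an inline event handler (not a real capture).
SAMPLE_EML = """\
From: "IT Helpdesk" <helpdesk@example.test>
Reply-To: attacker@example.invalid
Message-ID: <constructed-0001@example.test>
Subject: Password expiry notice
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>Your password expires today.</p>
<img src="x" onerror="document.location='https://phish.example.invalid'">
</body></html>
"""

if __name__ == "__main__":
    print(scan_message(SAMPLE_EML))
```

Flagged messages are candidates for analyst review alongside the Exchange transport and IIS logs, not automatic verdicts.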
Key technical details
The vulnerability CVE-2026-42897 is characterized as a spoofing flaw deriving from a cross-site scripting weakness in on-premises Exchange Server deployments. While full exploitation details have not been disclosed publicly, the attack vector involves crafted emails that trigger the XSS bug to carry out spoofing. Microsoft assigned the vulnerability a CVSS score of 8.1, reflecting a high-severity impact. The anonymous researcher who reported the vulnerability enabled Microsoft to issue advisories and develop countermeasures.
Affected organizations/products
This vulnerability impacts on-premises versions of Microsoft Exchange Server. Cloud-based Exchange services or other Microsoft offerings are not indicated as affected in the source statement.
Source attribution
https://thehackernews.com/2026/05/on-prem-microsoft-exchange-server-cve.html