Skip to content
The Nexus
SECURITYMay 18 · 21:43 UTCDARK READINGRob Wright

Microsoft Exchange Zero-Day Under Attack, No Patch Available

A zero-day vulnerability, CVE-2026-42897, has been discovered in Microsoft Exchange, allowing attackers to compromise Outlook Web Access mailboxes through a cross-site scripting vulnerability. No patch is currently available to fix this issue. The vulnerability can be exploited to gain unauthorized access to sensitive information.

Nexus surfaces and summarizes. The full story lives at the source.

Mentioned
Spot something wrong with this article?Report a problem →
Forward this