Skip to content
The Nexus
DossierENTITY

CVE-2026-42897

Coverage of CVE-2026-42897 in the Nexus archive.

Earliest in view: May 15 · 06:19 UTCMost recent: May 18 · 21:43 UTC
Co-mentioned in this coverage
Recent coverage
  • SECURITYMay 18 · 21:43 UTCDARK READING
    Microsoft Exchange Zero-Day Under Attack, No Patch Available

    A zero-day vulnerability, CVE-2026-42897, has been discovered in Microsoft Exchange, allowing attackers to compromise Outlook Web Access mailboxes through a cross-site scripting vulnerability. No patch is currently available to fix this issue. The vulnerability can be exploited to gain unauthorized access to sensitive information.

  • SECURITYMay 15 · 11:51 UTCTHE REGISTER
    Exploited Exchange Server flaw turns OWA inboxes into script launchpads

    Microsoft confirmed a vulnerability in on-premises Exchange Server that could result in script execution in victims' browsers, affecting Outlook Web Access and tracked as CVE-2026-42897. The flaw can be triggered by a specially crafted email and has a CVSS score of 8.1. A mitigation has been released via the Exchange Emergency Mitigation Service.

  • SECURITYMay 15 · 06:19 UTCTHE HACKER NEWS
    On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email

    Microsoft disclosed a security vulnerability in on-premise Exchange Server versions, tracked as CVE-2026-42897, which has been exploited in the wild. The bug is described as a spoofing issue stemming from a cross-site scripting flaw. An anonymous researcher discovered and reported the issue.