All Tech Blogs Explore Tags Send Feedback

Endigest

© 2026 Endigest. All rights reserved.

About
Privacy
Terms
Contact
RSS

On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email | Endigest

The Hacker News

|Security

On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email

2026-05-15

1 min read

0

by info@thehackernews.com (The Hacker News)

Get the latest tech trends every morning

Receive daily AI-curated summaries of engineering articles from top tech companies worldwide.

Email address

Endigest AI Core Summary

Microsoft disclosed CVE-2026-42897, a cross-site scripting vulnerability in on-premises Exchange Server being actively exploited.

•CVSS score 8.1 affects Exchange Server 2016, 2019, and Subscription Edition
•Attackers send crafted emails executing arbitrary JavaScript in Outlook Web Access
•Temporary mitigation available via Exchange Emergency Mitigation Service or EOMT tool
•Exchange Online is not affected; permanent patch in development
•CISA added to Known Exploited Vulnerabilities catalog with May 29, 2026 deadline

This summary was automatically generated by AI based on the original article and may not be fully accurate.

Related Articles

The Hacker News

ChatGPhish Vulnerability Turns ChatGPT Web Summaries Into a Phishing Surface

Security·2026-05-29

Cloud CISO Perspectives: How to build an AI-ready security program for the public sector

Security·2026-05-29

The Hacker News

Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit

Security·2026-05-29

The Hacker News

New Russian-Linked GREYVIBE Targets Ukraine with AI-Powered Cyberattacks

Security·2026-05-29