Zero-day | May 18, 2026

Microsoft Exchange Zero-Day Under Attack, No Patch Available

Microsoft Exchange zero-day CVE-2026-42897 XSS flaw enables OWA mailbox compromise.

Summary

A previously unknown cross-site scripting (XSS) vulnerability in Microsoft Exchange (CVE-2026-42897) is under active attack, with no patch currently available. The flaw allows attackers to compromise Outlook Web Access (OWA) mailboxes, putting email access and sensitive organizational communications at immediate risk.

Indicators of Compromise

  • cve — CVE-2026-42897

Entities

  • Microsoft (vendor)
  • Microsoft Exchange (product)
  • Outlook Web Access (OWA) (product)