[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f_0XLUssgOvMNyiqqt_xsuquw_4i_Bmi7EG0Y_HI0txM":3},{"article":4,"iocs":41},{"id":5,"title":6,"slug":7,"summary":8,"ai_summary":9,"brief":10,"full_text":11,"url":12,"image_url":13,"published_at":14,"ingested_at":15,"relevance_score":16,"entities":17,"category_id":26,"category":27,"article_tags":30},"da5fb4e5-55e8-45bb-a4d0-aa63a4d5c90e","Microsoft Exchange Zero-Day Under Attack, No Patch Available","microsoft-exchange-zero-day-under-attack-no-patch-available-c8f912","CVE-2026-42897 stems from a cross-site scripting (XSS) vulnerability and can allow an attacker to compromise Outlook Web Access (OWA) mailboxes.","A previously unknown cross-site scripting (XSS) vulnerability in Microsoft Exchange (CVE-2026-42897) is under active attack, with no patch currently available. The flaw allows attackers to compromise Outlook Web Access (OWA) mailboxes, putting email access and sensitive organizational communications at immediate risk.","Microsoft Exchange zero-day CVE-2026-42897 XSS flaw enables OWA mailbox compromise.",null,"https:\u002F\u002Fwww.darkreading.com\u002Fvulnerabilities-threats\u002Fmicrosoft-exchange-zero-day-no-patch","https:\u002F\u002Feu-images.contentstack.com\u002Fv3\u002Fassets\u002Fblt6d90778a997de1cd\u002Fblt8a4b55f47bd9ed66\u002F6a0b619572bcb61757c995eb\u002Fexchange_Piotr_Swat_Alamy.jpg?width=1280&auto=webp&quality=80&disable=upscale","2026-05-18T21:43:51+00:00","2026-05-18T22:00:15.275585+00:00",9,[18,21,24],{"name":19,"type":20},"Microsoft","vendor",{"name":22,"type":23},"Microsoft Exchange","product",{"name":25,"type":23},"Outlook Web Access (OWA)","574f766a-fb3f-487c-8d2c-0720ae75471b",{"id":26,"icon":11,"name":28,"slug":29},"Zero-day","zero-day",[31,36],{"category":32},{"id":33,"icon":11,"name":34,"slug":35},"2c8f44d4-b56e-47cf-9677-04f22c9ee78d","Identity & Access","identity-access",{"category":37},{"id":38,"icon":11,"name":39,"slug":40},"80544778-fabb-4dcd-aa35-17492e5dcf4f","Vulnerabilities","vulnerabilities",[42],{"type":43,"value":44,"context":45},"cve","CVE-2026-42897","Microsoft Exchange XSS vulnerability in OWA, under active exploitation, unpatched"]