Vulnerabilities3 min read
Exchange Server Zero-Day CVE-2026-42897 Exploited via Crafted Emails
Microsoft confirms active exploitation of CVE-2026-42897, an XSS flaw in Exchange OWA that executes JavaScript via malicious emails. No patch available yet.
Marcus ChenMay 16, 2026