Tech Times

Exchange Server OWA Zero-Day CVE-2026-42897 Exploited With No Permanent Patch and New Mitigation Gaps

Microsoft confirmed on May 14 that CVE-2026-42897 — a cross-site scripting flaw in the Outlook Web Access component of Exchange Server 2016, 2019, and Subscription Edition — is under active ...

Microsoft warns of Exchange zero-day flaw exploited in attacks

On Thursday, Microsoft shared mitigations for a high-severity Exchange Server vulnerability exploited in attacks that allow ...

Do you use Microsoft Exchange? Hackers are actively exploiting a new zero-day flaw

Microsoft warns of a new zero-day vulnerability that leaves Exchange open to hackers.
The Hacker News

On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email

Microsoft has disclosed a new security vulnerability impacting on-premise versions of Exchange Server that it said has come ...
CSO Online

Exchange Server zero-day vulnerability can be triggered by opening a malicious email

A newly discovered zero-day vulnerability in Microsoft Exchange Server has experts declaring an emergency and urging CSOs to ...
Windows Report

Exchange Server 2016 And 2019 Hit By Critical OWA Vulnerability

Microsoft warned Exchange Server customers about critical OWA vulnerability CVE-2026-42897 affecting on-premises deployments.