CVE-2026-42897 - PatchNow

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: DIRECT_NETWORK

CVE Published: 2026-05-14

Added to CISA KEV: 2026-05-15 1 DAY BETWEEN CVE AND KEV

CRITICAL: Check for indicators of compromise - this vulnerability is in CISA KEV indicating active exploitation in the wild. Review Exchange server logs, check for unauthorized access, verify system integrity, and examine web access logs for suspicious crafted requests
Apply Microsoft security updates immediately for all affected Exchange Server versions (2016 CU23, 2019 CU14/CU15, Subscription Edition RTM)
Monitor Exchange server web traffic for malicious requests and implement web application firewall rules to detect XSS attempts
EMERGENCY patch priority - apply updates within 72 hours due to active exploitation

On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted ...
Microsoft has disclosed a new security vulnerability impacting on-premise versions of Exchange Server that it said has come under active exploitation in the wild. The vulnerability, tracked as CVE-2026-42897 (CVSS score: 8.1), has been described as a spoofing bug stemming from a cross-site scripting flaw.
CISA Adds One Known Exploited Vulnerability to Catalog | CISA
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
CVE-2026-42897 Detail - NVD
Description. Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an ...

🔴 CVE-2026-42897