Find notable cyber news and cases, enriched with sources, timelines, and signals.

Microsoft Exchange Server spoofing/XSS flaw under active exploitation (CVE-2026-42897)

Vulnerability
First reported
Last updated
Happening score
H score 37
3 unique sources, 5 articles

Summary

Hide ▲

CVE-2026-42897 is an actively exploited spoofing vulnerability in on-premises Microsoft Exchange Server that can lead to arbitrary JavaScript execution in a browser context. The flaw affects Exchange Server 2016, 2019, and Subscription Edition, while Exchange Online is not impacted. Attackers can send a specially crafted email that, when opened in Outlook Web Access under certain interaction conditions, may execute script in the browser. Microsoft has marked the issue Exploitation Detected and is pushing temporary mitigations through Exchange Emergency Mitigation Service and, for air-gapped systems, EOMT while it works on a permanent fix.

Related Happenings

Microsoft Exchange Online mail flow disruption

Service Disruption
H score25 First: 02.06.2026 20:02 Last: 02.06.2026 20:02 Sources 1

About this happening: Microsoft is addressing a **widespread Exchange Online service disruption** that is delaying and failing email delivery for customers across **North America** and **Germany**. The...

CCB urgent patch warning for CVE-2026-41089 on Windows servers

Public Sector Action
H score48 First: 01.06.2026 15:30 Last: 01.06.2026 15:30 Sources 1

About this happening: Belgium's **CCB** warned that **CVE-2026-41089** is being **actively exploited in the wild**, urging admins to **immediately patch** vulnerable **Windows servers** because the fla...

Microsoft Exchange CVE-2026-42897 mitigation advisory

Advisory/Mitigation
H score44 First: 15.05.2026 12:40 Last: 15.05.2026 12:40 Sources 1

How related: Using EM Service is the best way for your organization to mitigate this vulnerability right away. If you have EM Service currently disabled, we recommend you enable it right away.

About this happening: **Microsoft** issued immediate mitigation guidance for **CVE-2026-42897**, reducing risk for **Exchange Server 2016, 2019, and Subscription Edition (SE)** on-premises servers that...

Latest development: 15.05.2026 15:35

Microsoft issued temporary mitigation guidance for CVE-2026-42897 while a patch is still in development, recommending the Exchange Emergency Mitigation (EM) Service, which is enabled by default and can be checked with the Exchange Health Checker script, or the Exchange On-premises Mitigation Tool (EOMT) for disconnected or air-gapped environments. Microsoft noted that the mitigations can disrupt features such as OWA Print Calendar and Inline images, and that servers older than March 2023 cannot receive new mitigations through EM Service.

Microsoft Windows 365 Office installation disruption

Service Disruption
H score0 First: 13.05.2026 14:53 Last: 13.05.2026 14:53 Sources 1

About this happening: The **Windows 365** service update has introduced a **configuration change** that is blocking **Office downloads and installs** for some customers, disrupting access on cloud PCs....

Microsoft Exchange Online blocks legacy TLS for POP3 and IMAP4 starting July 2026

Security Tool/Service
H score11 First: 28.04.2026 16:18 Last: 28.04.2026 16:18 Sources 1

About this happening: **Microsoft** will block **TLS 1.0** and **TLS 1.1** for **POP3/IMAP4** access to **Exchange Online** in **July 2026**, which could break legacy mail clients and embedded devices...

Timeline

  1. 09.06.2026 20:57 1 articles · 1mo ago

    Microsoft flags Exchange Server spoofing vulnerability CVE-2026-42897 as actively exploited

    Initial Disclosure

    Microsoft identifies CVE-2026-42897 in Microsoft Exchange Server as an actively exploited spoofing vulnerability that can lead to JavaScript execution in a target’s browser when a specially crafted email is opened in Outlook Web Access under certain interaction conditions. Microsoft says mitigations are being pushed through the Exchange Emergency Mitigation Service while it continues work on the full update.

    Show sources
  2. 15.05.2026 09:19 3 articles · 1mo ago

    Microsoft discloses CVE-2026-42897 in on-premises Exchange Server

    Initial Disclosure

    Microsoft disclosed CVE-2026-42897 in on-premises Exchange Server, a spoofing vulnerability stemming from cross-site scripting that is under active exploitation in the wild. The flaw can be triggered by a crafted email opened in Outlook Web Access under certain interaction conditions and can allow arbitrary JavaScript execution in the browser context; Exchange Online is not impacted, while Exchange Server 2016, Exchange Server 2019, and Exchange Server Subscription Edition are affected and Microsoft is providing a temporary mitigation through Exchange Emergency Mitigation Service or, for air-gapped environments, the Exchange on-premises Mitigation Tool (EOMT) pending a permanent fix.

    Show sources
  3. 15.05.2026 09:19 3 articles · 1mo ago

    Microsoft discloses CVE-2026-42897 in on-premises Exchange Server

    Initial Disclosure

    Microsoft disclosed CVE-2026-42897 in on-premises Exchange Server, a spoofing vulnerability stemming from cross-site scripting that is under active exploitation in the wild. The flaw can be triggered by a crafted email opened in Outlook Web Access under certain interaction conditions and can allow arbitrary JavaScript execution in the browser context; Exchange Online is not impacted, while Exchange Server 2016, Exchange Server 2019, and Exchange Server Subscription Edition are affected and Microsoft is providing a temporary mitigation through Exchange Emergency Mitigation Service or, for air-gapped environments, the Exchange on-premises Mitigation Tool (EOMT) pending a permanent fix.

    Show sources
  4. 15.05.2026 09:19 3 articles · 1mo ago

    Microsoft discloses CVE-2026-42897 in on-premises Exchange Server

    Initial Disclosure

    Microsoft disclosed CVE-2026-42897 in on-premises Exchange Server, a spoofing vulnerability stemming from cross-site scripting that is under active exploitation in the wild. The flaw can be triggered by a crafted email opened in Outlook Web Access under certain interaction conditions and can allow arbitrary JavaScript execution in the browser context; Exchange Online is not impacted, while Exchange Server 2016, Exchange Server 2019, and Exchange Server Subscription Edition are affected and Microsoft is providing a temporary mitigation through Exchange Emergency Mitigation Service or, for air-gapped environments, the Exchange on-premises Mitigation Tool (EOMT) pending a permanent fix.

    Show sources
  5. 14.05.2026 03:00 1 articles · 1mo ago

    Microsoft discloses CVE-2026-42897 in Exchange Server

    Initial Disclosure

    Microsoft disclosed a high-severity zero-day in on-premises Exchange Server tracked as CVE-2026-42897, an improper neutralization of input during web page generation issue also described as cross-site scripting (XSS). The flaw could let an unauthorized attacker perform spoofing over a network or send arbitrary code by targeting an Outlook user with a specially crafted email. The issue affects all existing Exchange Server 2016, Exchange Server 2019, and Exchange Server Subscription Edition (SE) versions and does not impact Exchange Online, and Microsoft had not yet released a patch.

    Show sources
  6. 14.05.2026 03:00 4 articles · 1mo ago

    Microsoft publishes EM Service and EOMT mitigations for CVE-2026-42897

    Mitigation Patch Update

    Microsoft published temporary mitigation guidance for CVE-2026-42897 using the Exchange Emergency Mitigation (EM) Service, which applies mitigations automatically when enabled, and the Exchange On-premises Mitigation Tool (EOMT) for disconnected or air-gapped environments. Administrators were told to verify applied mitigations with the Exchange Health Checker script and to enable EM Service if it was disabled. Microsoft also noted that servers running versions older than March 2023 cannot receive new mitigations through the service and that both mitigation paths can disrupt features such as OWA Print Calendar and Inline images.

    Show sources