Active exploitation of Microsoft Exchange Server spoofing vulnerability CVE-2026-42897 with emergency mitigation available

First reported

18.05.2026 16:50

Last updated

1 unique sources, 1 articles

Summary

Hide ▲

A spoofing vulnerability affecting on-premises Microsoft Exchange Server (CVE-2026-42897, CVSS 8.1) is being actively exploited in the wild. The flaw stems from a cross-site scripting weakness and enables unauthorized access through impersonation vectors. Microsoft has issued a temporary mitigation via the Exchange Emergency Mitigation Service while developing a permanent fix. No details on exploitation methods, threat actor identity, target scope, or successful compromise rates have been disclosed. Immediate patching or mitigation is recommended for exposed Exchange environments.

Timeline

18.05.2026 16:50 1 articles · 14h ago

Active exploitation of Microsoft Exchange Server spoofing flaw CVE-2026-42897 reported
Microsoft disclosed CVE-2026-42897, a spoofing vulnerability in on-premises Exchange Server stemming from a cross-site scripting flaw. The company confirmed active exploitation in the wild and issued a temporary mitigation via the Exchange Emergency Mitigation Service pending a permanent fix. No further technical details about exploitation vectors or threat actor activity have been released.
Show sources

⚡ Weekly Recap: Exchange 0-Day, npm Worm, Fake AI Repo, Cisco Exploit and More — thehackernews.com — 18.05.2026 16:50
Open in new tab

Information Snippets

CVE-2026-42897 impacts on-premises Microsoft Exchange Server versions and is classified as a spoofing vulnerability originating from a cross-site scripting flaw.
First reported: 18.05.2026 16:50

1 source, 1 article
Show sources
- ⚡ Weekly Recap: Exchange 0-Day, npm Worm, Fake AI Repo, Cisco Exploit and More — thehackernews.com — 18.05.2026 16:50
Active exploitation of CVE-2026-42897 has been observed; Microsoft deployed the Exchange Emergency Mitigation Service as a temporary defense mechanism.
First reported: 18.05.2026 16:50

1 source, 1 article
Show sources
- ⚡ Weekly Recap: Exchange 0-Day, npm Worm, Fake AI Repo, Cisco Exploit and More — thehackernews.com — 18.05.2026 16:50
The vulnerability has a CVSS base score of 8.1, indicating high severity due to potential unauthorized access and spoofing capabilities.
First reported: 18.05.2026 16:50

1 source, 1 article
Show sources
- ⚡ Weekly Recap: Exchange 0-Day, npm Worm, Fake AI Repo, Cisco Exploit and More — thehackernews.com — 18.05.2026 16:50
No public disclosure exists regarding exploitation techniques, targeted entities, threat actor attribution, or confirmed successful intrusions as of May 18, 2026.
First reported: 18.05.2026 16:50

1 source, 1 article
Show sources
- ⚡ Weekly Recap: Exchange 0-Day, npm Worm, Fake AI Repo, Cisco Exploit and More — thehackernews.com — 18.05.2026 16:50

Summary

Timeline

Active exploitation of Microsoft Exchange Server spoofing flaw CVE-2026-42897 reported

Information Snippets