CVE-2026-42897 - Geek Feed

Microsoft patches Exchange Server zero-day exploited in attacks

June 13, 2026June 13, 2026 geekfeed0Tagged 0day, Code Execution, Cross-site scripting, CVE-2026-42897, Exchange, microsoft, Microsoft Exchange, outlook, Outlook on the web, OWA, patch, Security Update, xss, Zero-Day

Microsoft has patched an actively exploited Exchange Server vulnerability that allows threat actors to execute arbitrary JavaScript code in cross-site scripting (XSS) attacks targeting Outlook Web Access users. This high-severity spoofing vulnerability (CVE-2026-42897) affects Exchange Server 2016, Exchange Server 2019, and Exchange Server Subscription Edition (SE) software and can be exploited by remote attackers with […]

2 mins read

Microsoft warns of Exchange zero-day flaw exploited in attacks

May 18, 2026May 18, 2026 geekfeed0Tagged 0day, Code Execution, CVE-2026-42897, JavaScript, microsoft, Microsoft Exchange, Mitigation, Zero-Day

On Thursday, Microsoft shared mitigations for a high-severity Exchange Server vulnerability exploited in attacks that allow threat actors to execute arbitrary code via cross-site scripting (XSS) while targeting Outlook on the web users. Microsoft describes this security flaw (CVE-2026-42897) as a spoofing vulnerability affecting up-to-date Exchange Server 2016, Exchange Server 2019, and Exchange Server Subscription […]

3 mins read