CVE-2026-42897
Microsoft Exchange Server Spoofing Vulnerability
Published: May 14, 2026Updated: May 15, 2026 Sources: CVE List NVD
8.1CVSS
HIGHImproper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.
EPSS Score
7.9%
Top 7.8%
CISA KEV
Active Exploitation
Since May 15, 2026
Exploits
No Known Exploits
Remediation
Patch Available
CVSS Vector Breakdown
Exploitability
AV:NAttack VectorNetwork
AC:LAttack ComplexityLow
PR:NPrivileges RequiredNone
UI:RUser InteractionRequired
Scope
S:UScopeUnchanged
Impact
C:HConfidentialityHigh
I:HIntegrityHigh
A:NAvailabilityNone
Weaknesses
Affected Products
Attack Graph
Products CVE Techniques Tactics
Click technique nodes to view MITRE ATT&CK details. Scroll to zoom, drag to pan.
Exploitability
CISA Known Exploited Vulnerability
Added to KEV:May 15, 2026
Remediation due:May 29, 2026
Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Official Patch Available
Workaround Available
MITRE ATT&CK
2 techniques Execution
Initial Access
References
Timeline
Published
May 14, 2026
Added to CISA KEV
May 15, 2026
Last Updated
May 15, 2026
News mentions
5- Microsoft исправила более 200 уязвимостей и шесть 0-day в своих продуктахru-ru·Хакер (xakep.ru)· Source-only·
- Microsoft Patches Exploited Exchange Server Vulnerabilityen-us·SecurityWeek· Summary only·
- Microsoft patches Exchange Server zero-day exploited in attacksen-us·BleepingComputer· Summary only·
- Microsoft June 2026 Patch Tuesday fixes 6 zero-days, 200 flawsen-us·BleepingComputer· Summary only·
- В фокусе RVD: трендовые уязвимости маяru·Хабр — Информационная безопасность· Summary only·
Unlock Complete Vulnerability Intelligence
Get the full picture for CVE-2026-42897 and every CVE in our database. Create a free account — no credit card required.
Create Free AccountPlain-language analysis
Impact assessment and exploitation scenario in plain English
Attack graph visualization
Interactive attack path and kill chain mapping
Exploit details & PoC links
ExploitDB, Metasploit, GitHub PoCs with direct links
Nuclei scanner templates
Ready-to-use vulnerability scanner templates
Full remediation guide
Patch instructions, workarounds, and compliance impact
Interactive AI chat
Ask questions about this vulnerability in natural language
Related vulnerabilities
Semantically similar CVEs and attack patterns
REST API & MCP access
Integrate vulnerability data into your workflows