Microsoft Exchange Server zero-day exploited via crafted email
Source: Notebookcheck
Microsoft confirmed active exploitation of CVE-2026-42897, a zero-day in on-premises Exchange Server that lets attackers execute arbitrary JavaScript in a victim's browser by sending a crafted email. No permanent patch exists. Microsoft deployed an emergency mitigation on May 14, and CISA added t