CVE-2026-42897
Microsoft Exchange Server Cross-Site Scripting Vulnerability
CVSS
—
Sin CVSS
EPSS
5.6%
p92
KEV
SÍ
15 may 2026
Exploit Today
78
0-100
Publicado: — · Última mod.: —
Producto
Microsoft / Microsoft
Vulnerabilidad
Microsoft Exchange Server Cross-Site Scripting Vulnerability
Añadido a KEV
15 may 2026
Remediar antes de
29 may 2026
Uso conocido en ransomware
No
Descripción resumida
Microsoft Exchange Server contains a cross-site scripting vulnerability during web page generation in Outlook Web Access and when certain interaction conditions are met, arbitrary JavaScript can be executed in the browser context.
Acción requerida
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Notas
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-42897 ; https://learn.microsoft.com/en-us/exchange/plan-and-deploy/post-installation-tasks/security-best-practices/exchange-emergency-mitigation-service ; https://nvd.nist.gov/vuln/detail/CVE-2026-42897
Sin CVEs relacionados por CWE o producto.