CVE-2026-42897

Confirmed PUBLISHED

Microsoft Exchange Server Spoofing Vulnerability

Microsoft · Microsoft Exchange Server 2016 Cumulative Update 23, Microsoft Exchange Server 2019 Cumulative Update 14, Microsoft Exchange Server 2019 Cumulative Update 15, Microsoft Exchange Server Subscription Edition RTM

1 day faster than CISA KEV

Exploited in the wild

Recommended Action

Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.

Confidence
Confirmed
Exploitation Status
Exploited in the wild
Observed in Sensors
No
Attempts (30d)
Unique Attacker IPs
CISA KEV
In CISA KEV
CVSS / EPSS
8.1 High EPSS 5.6%

At a Glance

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

cisa microsoft
CVE Published
May 14, 2026
Exploitation Reported
Jun 01, 2026
CVSS
8.1 High
EPSS
5.6%
Remote Low complexity Unauthenticated

Affected Versions

Vendor Product Version Status
Microsoft
Microsoft Exchange Server 2016 Cumulative Update 23

15.01.0.0 to < 15.01.2507.069

Affected
Microsoft
Microsoft Exchange Server 2019 Cumulative Update 14

15.02.0.0 to < 15.02.1544.041

Affected
Microsoft
Microsoft Exchange Server 2019 Cumulative Update 15

15.02.0.0 to < 15.02.1748.046

Affected
Microsoft
Microsoft Exchange Server Subscription Edition RTM

15.02.0.0 to < 15.02.2562.043

Affected

CVE References

Recommended Actions

  • Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.
  • Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.