On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email – Immediate Threat Alert

On-Prem Microsoft Exchange Server CVE-2026-42897 Actively Exploited

Microsoft confirmed that the on‑premises Exchange Server vulnerability identified as CVE-2026-42897 is being leveraged in the wild through specially crafted email messages. The flaw, rated ↓ 8.1 on the CVSS scale, stems from a cross‑site scripting weakness that enables spoofed sender addresses and potential remote code execution.

What attackers gain

By injecting malicious script into email headers, threat actors can hijack user sessions, exfiltrate credentials, and plant additional payloads. Security teams are urged to apply the latest patches released by Microsoft without delay.

“We have observed active exploitation of this issue and recommend immediate remediation,” a Microsoft spokesperson told Reuters.

An anonymous security researcher first reported the bug, prompting a rapid response from the vendor. Organizations running legacy Exchange installations should audit mail flow logs for anomalous patterns and consider temporary mitigation such as disabling HTML rendering in inbound messages.

For broader context on recent enterprise email attacks, see the Bloomberg analysis of phishing trends.