<< Back
CVE Number Vulnerability Product Severity Date
CVE-2026-42897 Microsoft Exchange Server Spoofing Vulnerability Microsoft Exchange Server Important 01-07-2026

Technical Information

An unauthenticated attacker can exploit this Microsoft Exchange Server cross-site scripting vulnerability by sending a specially crafted email that, when opened in Outlook Web Access and interacted with by the victim, executes arbitrary JavaScript in the browser context, enabling spoofing attacks and potential theft of sensitive information.

Patch release date: Jun 09, 2026
Further information on this vulnerability is available at : CVE-2026-42897

Affected Software

Microsoft Exchange Server Subscription Edition RTM
Microsoft Exchange Server 2019 Cumulative Update 15
Microsoft Exchange Server 2019 Cumulative Update 14
Microsoft Exchange Server 2016 Cumulative Update 23