Microsoft has disclosed a new security vulnerability impacting
on-premise versions of Exchange Server that it said has come under
active exploitation in the wild. The vulnerability, tracked as
CVE-2026-42897 (CVSS score: 8.1), has been described as a spoofing
bug stemming from a cross-site scripting flaw. An anonymous
researcher has been credited with discovering and reporting the
issue. "
Read more https://thehackernews.com/2026/05/on-prem-microsoft-exchange-server-cve.html
