Microsoft Exchange Server Vulnerability CVE-2026-42897 Under Active Exploitation in the Wild
Microsoft has confirmed active exploitation of a critical security flaw affecting on-premises Exchange Server deployments. Tracked as CVE-2026-42897 with a CVSS score of 8.1, the vulnerability allows attackers to conduct spoofing attacks through crafted emails, a technique that exploits a cross-site scripting weakness in the email processing chain.
The vulnerability was identified and reported by an anonymous security researcher who responsibly disclosed the flaw to Microsoft. The tech giant has acknowledged the in-the-wild exploitation, signaling that threat actors have already moved beyond proof-of-concept testing into practical attacks against unpatched systems. On-premises Exchange Server installations remain the primary target, as these deployments retain direct control over mail infrastructure rather than relying on cloud-based Exchange Online protection.
Organizations running affected on-premises Exchange Server versions face immediate exposure, particularly those handling sensitive communications or serving as high-value targets for corporate espionage, credential harvesting, or downstream phishing campaigns. The cross-site scripting component suggests attackers can potentially intercept or manipulate email content, impersonate legitimate senders, or harvest session data from users viewing malicious messages. Microsoft is expected to release security updates addressing CVE-2026-42897, and administrators should monitor Microsoft's Security Response Center for patch availability. Threat intelligence teams should prioritize indicators of compromise related to crafted email vectors targeting Exchange environments.