CVE-2026-42897
Microsoft Exchange Server Cross-Site Scripting Vulnerability
⚠ KEVEPSS 10.3%
Description
Microsoft Exchange Server contains a cross-site scripting vulnerability during web page generation in Outlook Web Access and when certain interaction conditions are met, arbitrary JavaScript can be executed in the browser context.
How to fix CVE-2026-42897
No package mapping is available — consult the references below for vendor-specific guidance.
Is CVE-2026-42897 being exploited?
Yes — CVE-2026-42897 is on the CISA Known Exploited Vulnerabilities (KEV) catalog. Patch immediately.
Affected packages (0)
No package mapping in OSV.