CISA Warns: Microsoft Exchange Vulnerability Exploited
Exploitation of a newly disclosed Microsoft Exchange Server vulnerability is now occurring in real-world attacks. This has prompted the Cybersecurity and Infrastructure Security Agency (CISA) to issue a fresh warning. The ongoing threat raises significant concerns for organizations that rely on on-premises email infrastructure.
The flaw CVE-2026-42897 is a cross-site scripting (XSS) vulnerability affecting Microsoft Exchange Server, specifically within Outlook Web Access (OWA).
According to the official advisory, the issue occurs during web page generation. It can be triggered under certain interaction conditions, allowing attackers to execute arbitrary JavaScript in a victim’s browser.
The vulnerability was added to CISA’s Known Exploited Vulnerabilities (KEV) catalog on May 15, 2026, signaling confirmed active exploitation in the wild.
Federal agencies and organizations that follow the Binding Operational Directive (BOD) 22-01 are required to remediate the issue by May 29, 2026.
Microsoft Exchange Server Vulnerability Exploit
Security researchers note that XSS flaws in enterprise email platforms like Exchange are particularly dangerous because they can be weaponized to hijack authenticated sessions.
In practice, an attacker could trick a user into clicking a specially crafted link that executes malicious scripts within their browser session.
This can lead to credential theft, mailbox access, or further internal compromise.
Although Microsoft has not publicly linked the vulnerability to ransomware campaigns, CISA’s inclusion of the flaw in the KEV catalog strongly indicates active interest from threat actors.
Exchange servers have historically been a high-value target for attackers due to their role in handling sensitive communications and credentials.
The vulnerability is categorized under CWE-79, a well-known class of web security flaws involving improper neutralization of input during web page generation.
Despite being a common vulnerability type, XSS remains widely exploited due to inconsistent input validation and complex web application behavior.
CISA is urging organizations to apply vendor-provided mitigations and security updates immediately.
In cases where patches are not yet available or cannot be applied, agencies are advised to follow alternative mitigation strategies outlined by Microsoft or consider discontinuing use of affected systems until they can be secured.
Security teams should also monitor Exchange server logs for suspicious activity, including unusual authentication patterns, unexpected script execution, or abnormal user behavior in Outlook Web Access sessions.
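One way to act on the log-monitoring advice above, as an added example that is not from the CISA advisory or from Microsoft: a Python scanner over IIS W3C log rows that flags Outlook Web Access requests whose decoded query string carries generic script-injection markers. The log lines are constructed, and the markers are general reflected-XSS indicators, not details of CVE-2026-42897, which the advisory does not describe.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample in IIS W3C format (not real traffic). The query strings are
# textbook script-injection markers, not a payload for CVE-2026-42897.
SAMPLE_LOG = """#Fields: date time cs-method cs-uri-stem cs-uri-query cs-username c-ip sc-status
2026-05-16 08:01:12 GET /owa/ - CONTOSO\\alice 203.0.113.10 200
2026-05-16 08:01:40 GET /owa/auth/logon.aspx url=%2Fowa%2F - 203.0.113.10 200
2026-05-16 08:02:05 GET /owa/ id=%3Cscript%3Ealert(1)%3C%2Fscript%3E CONTOSO\\alice 198.51.100.7 200
2026-05-16 08:02:09 GET /owa/ src=javascript%3Aalert%281%29 - 198.51.100.7 302
2026-05-16 08:03:00 GET /ecp/ q=hello+world CONTOSO\\bob 203.0.113.11 200
2026-05-16 08:03:30 GET /owa/ name=%3Cimg%20src%3Dx%20onerror%3Dalert(1)%3E CONTOSO\\bob 198.51.100.7 200
"""

# Generic indicators of script injection in a decoded query string. The
# lookbehind keeps "on...=" from matching inside ordinary words like "iconSize=".
XSS_INDICATORS = re.compile(
    r"<\s*script|javascript\s*:|(?<![a-z])on[a-z]+\s*=|<\s*(?:img|svg|iframe|object)\b",
    re.IGNORECASE,
)

def parse_w3c(text):
    """Yield one dict per data row, using the #Fields header for column names."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            yield dict(zip(fields, line.split()))

def find_suspicious_owa_requests(text):
    """Return rows under /owa or /ecp whose decoded query carries an XSS indicator."""
    hits = []
    for row in parse_w3c(text):
        if not row["cs-uri-stem"].lower().startswith(("/owa", "/ecp")):
            continue
        # Decode twice so double-encoded markers are caught as well.
        decoded = unquote_plus(unquote_plus(row["cs-uri-query"]))
        match = XSS_INDICATORS.search(decoded)
        if match:
            hits.append({**row, "decoded_query": decoded, "indicator": match.group(0)})
    return hits

if __name__ == "__main__":
    for h in find_suspicious_owa_requests(SAMPLE_LOG):
        print(h["date"], h["time"], h["c-ip"], h["cs-username"], h["indicator"], h["decoded_query"])
```

Point the scanner at the exported W3C logs of the OWA virtual directory and review hits alongside the authenticated username and client address, since a reflected-XSS attempt shows up as an anomalous request in an otherwise legitimate session.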
This latest warning underscores a broader trend of attackers actively targeting enterprise collaboration tools, especially those exposed to the internet.
With Exchange Server still widely deployed across enterprises, unpatched vulnerabilities can quickly become entry points for deeper network intrusions.
Organizations are strongly encouraged to prioritize patching efforts and review their exposure to internet-facing Exchange services to reduce the risk of exploitation.
Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.