AI Summary
A zero-day vulnerability, CVE-2026-42897, in Microsoft Exchange allows attackers to exploit cross-site scripting in Outlook Web Access to compromise mailboxes. No patch is currently available, posing active risk to organizations.
Technical dark reading · 5/18/2026
Microsoft Exchange Zero-Day Under Attack, No Patch Available
This is a standalone intelligence detail page built for indexing and citation, with the summary, linked domains, and next verification paths in one place.
Quick Answer
A zero-day vulnerability, CVE-2026-42897, in Microsoft Exchange allows attackers to exploit cross-site scripting in Outlook Web Access to compromise mailboxes. No patch is currently available, posing active risk to organizations.
No public linked domains listed
No public scam tags listed
Intelligence grade actionable
dark reading
Source
HIGH
Importance
0
Linked Domains
0
Linked Addresses
Turn This Intelligence Into Action
If your case resembles this story, continue by checking the website, email, chat, or formal reporting path with a more practical step-by-step guide.
Website Check
Check the linked domains
If the story involves websites, landing pages, or impersonation, move into the website checker next.
Email / Chat
Break down the email or chat next
Many intelligence stories eventually surface as fake support, fake notices, or chat-driven funnels.
Formal Reporting
Review reporting and victim guides
If your case mirrors this pattern closely, move straight into reporting and victim action planning.