CVE-2026-42897
CRITICAL CISACVSS Score
N/A
Severity
CRITICAL
Source
CISA
Published
May 15, 2026
Description
Microsoft โ Microsoft: Microsoft Exchange Server contains a cross-site scripting vulnerability during web page generation in Outlook Web Access and when certain interaction conditions are met, arbitrary JavaScript can be executed in the browser context.