Exploited Exchange Server flaw turns OWA inboxes into script launchpads
Microsoft has identified a significant vulnerability in on-premises Exchange Server that affects Outlook Web Access (OWA). The flaw, tracked as CVE-2026-42897, is a cross-site scripting vulnerability with a CVSS score of 8.1: specially crafted emails allow attackers to execute arbitrary JavaScript in victims' browsers, which poses a serious risk to administrators. The vulnerability is currently being exploited, making it an urgent security concern for affected users.