Vulnerability in Microsoft Exchange Server Allows Remote XSS Attacks

📌 A vulnerability has been discovered in Microsoft Exchange Server, allowing attackers to execute remote cross-site scripting (XSS) attacks and bypass security policies. The flaw, identified as CVE-2026-42897, is actively being exploited in the wild as of the report's publication on 15 May 2026. Microsoft confirmed the issue, though no specific affected versions or attack vectors were detailed. The vulnerability enables indirect code injection and security control circumvention, posing a risk to unpatched systems. No additional technical mitigations or workarounds were provided in the notice.