Zero-Day Vulnerability in Microsoft Exchange Actively Exploited

A zero-day vulnerability (CVE-2026-42897) in Microsoft Exchange has been actively exploited, with no patch currently available. The flaw is a cross-site scripting (XSS) vulnerability that enables attackers to compromise Outlook Web Access (OWA) mailboxes. The issue specifically affects Microsoft Exchange servers, though no exact versions or deployment environments were specified. No timeline for exploitation or patch release was provided in the report. The impact includes potential unauthorized access to sensitive email data via OWA.