Skip to content
The Nexus
SECURITYMay 15 · 11:51 UTCTHE REGISTER

Exploited Exchange Server flaw turns OWA inboxes into script launchpads

Microsoft confirmed a vulnerability in on-premises Exchange Server that could result in script execution in victims' browsers, affecting Outlook Web Access and tracked as CVE-2026-42897. The flaw can be triggered by a specially crafted email and has a CVSS score of 8.1. A mitigation has been released via the Exchange Emergency Mitigation Service.

Nexus surfaces and summarizes. The full story lives at the source.

Mentioned
Spot something wrong with this article?Report a problem →
Forward this