SECURITYTHE REGISTER
Exploited Exchange Server flaw turns OWA inboxes into script launchpads
Microsoft confirmed a vulnerability in on-premises Exchange Server that could result in script execution in victims' browsers, affecting Outlook Web Access and tracked as CVE-2026-42897. The flaw can be triggered by a specially crafted email and has a CVSS score of 8.1. A mitigation has been released via the Exchange Emergency Mitigation Service.
Mentioned