Is CVE-2026-42897 in the CISA Known Exploited Vulnerabilities catalog?

CVE-2026-42897 is not currently listed in the CISA KEV catalog.

Vulnerability intelligence

CVE-2026-42897

CVE-2026-42897. Actively exploited zero-day in Exchange Server — spoofing and cross-site scripting affecting Subscription Edition, 2016, and 2019. Organizations still running on-premise Exchange are running on borrowed time.

2026

What WebPulse reported · 1 analysis

Microsoft Exchange Server Zero-Day Patched: Legacy Email Infrastructure Is the Web's Quiet Attack Surface

CVE-2026-42897. Actively exploited zero-day in Exchange Server — spoofing and cross-site scripting affecting Subscription Edition, 2016, and 2019. Organizations

June 13, 2026

View CVE-2026-42897 on the NIST National Vulnerability Database →

Related vulnerabilities

CVE-2026-9082 CVE-2026-8206 CVE-2026-48019 CVE-2026-35273 CVE-2026-11645 CVE-2026-8181 CVE-2026-47291 CVE-2026-45657