> TritonInfoSec News
Home / May 19, 2026 / Story
0
#2 Dark Reading general May 18, 2026 at 21:43 UTC

Microsoft Exchange Zero-Day Under Attack, No Patch Available

By Rob Wright

AI Summary

CVE-2026-42897, an unpatched cross-site scripting vulnerability in Microsoft Exchange's Outlook Web Access (OWA), is being actively exploited with no patch currently available. The zero-day allows attackers to compromise OWA mailboxes, posing immediate risk to organizations running on-premises Exchange deployments. Security teams should consider temporary mitigations and monitor OWA access logs for anomalous activity.

Read full article → https://www.darkreading.com/vulnerabilities-threat…

Relevance score: 92.0/100

# More from May 19

  1. 1
    CISA Admin Leaked AWS GovCloud Keys on Github Krebs on Security
  2. 3
    Grafana Confirms Breach After Hackers Claim They Stole Data SecurityWeek
  3. 4
    MiniPlasma Windows 0-Day Enables SYSTEM Privilege Escalation on Fully Patched Systems The Hacker News
  4. 5
    Zero-Day Exploit Against Windows BitLocker Schneier on Security
  5. 6
    Exploitation of Critical NGINX Vulnerability Begins SecurityWeek
  6. 7
    Hackers earn $1,298,250 for 47 zero-days at Pwn2Own Berlin 2026 BleepingComputer
  7. 8
    Ivanti, Fortinet, SAP, VMware, n8n Patch RCE, SQL Injection, Privilege Escalation Flaws The Hacker News
  8. 9
    Four Malicious npm Packages Deliver Infostealers and Phantom Bot DDoS Malware The Hacker News
  9. 10
    7-Eleven Data Breach Confirmed After ShinyHunters Ransom Demand SecurityWeek