A Crafted Email Is All It Takes: CVE-2026-42897 Puts Exchange OWA Under Active Attack
On May 14, 2026, Microsoft disclosed CVE-2026-42897, a spoofing vulnerability in on-premises Exchange Server affecting Outlook Web Access. Within 24 hours, CISA added it to the Known Exploited Vulnerabilities catalog. …