Security Updates for Microsoft Exchange Server (May 2026)

The Microsoft Exchange Server installed on the remote host is missing a security update. It is, therefore, affected by a vulnerability as referenced in the May, 2026 security bulletin. - Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Exchange Serve...

CVE-2026-42897

Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network...

CVE-2026-42897

Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network...

EUVD-2026-30343

Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network...

CVE-2026-42897

CVE-2026-42897 affects on-prem Microsoft Exchange Server (2016, 2019, SE) with an XSS flaw in Outlook Web Access caused by improper neutralization of input during web page generation. An attacker could send a crafted email to trigger arbitrary JavaScript execution in the victim’s browser, enablin...

CVE-2026-42897 Microsoft Exchange Server Spoofing Vulnerability

...

CVE-2026-42897 Microsoft Exchange Server Spoofing Vulnerability

...

Microsoft Exchange Server Spoofing Vulnerability

Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network...

KLA91046 SUI vulnerability in Microsoft Server Software

A spoofing vulnerability was found in Microsoft Server Software. Malicious users can exploit this vulnerability to perform cross-site scripting attack, spoof user interface. Original advisories CVE-2026-42897 Exploitation Public exploits exist for this vulnerability. Related products...

VulnCheck KEV: CVE-2026-42897

Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network...

PT-2026-40978

Name of the Vulnerable Software and Affected Versions Microsoft Exchange Server 2016 affected versions not specified Microsoft Exchange Server 2019 affected versions not specified Microsoft Exchange Server Subscription Edition affected versions not specified Description An issue exists in the...

CISA Adds 6 Known Exploited Flaws in Fortinet, Microsoft, and Adobe Software

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Monday added half a dozen security flaws to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation. The list of vulnerabilities is as follows - CVE-2026-21643 CVSS score: 9.1 - An SQL injection...

CVE-2026-21527

User interface ui misrepresentation of critical information in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network...

CVE-2026-21527

CVE-2026-21527 affects Microsoft Exchange Server. The issue is a UI misrepresentation of critical information that enables a network-based spoofing attack without user interaction or privileges. The CVSS v3.1 base metrics indicate an external attack vector with low impact on confidentiality and i...

CVE-2026-21527 Microsoft Exchange Server Spoofing Vulnerability

...

Microsoft Exchange Server Spoofing Vulnerability

User interface ui misrepresentation of critical information in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network...

PT-2026-7408

Name of the Vulnerable Software and Affected Versions Microsoft Exchange Server affected versions not specified Description A flaw in Microsoft Exchange Server’s user interface can lead to the misrepresentation of critical information. This allows an unauthorized attacker to conduct spoofing...

Security Updates for Microsoft Exchange Server (February 2026)

The Microsoft Exchange Server installed on the remote host is missing a security update. It is, therefore, affected by a vulnerability as referenced in the February, 2026 security bulletin. - User interface ui misrepresentation of critical information in Microsoft Exchange Server allows an...

Microsoft Exchange Server Spoofing Vulnerability (CNVD-2026-14410)

Microsoft Exchange Server is the United States Microsoft Microsoft company's set of e-mail service program. It provides e-mail access, storage, forwarding, voice mail, e-mail filtering and screening. A spoofing vulnerability exists in Microsoft Exchange Server, which can be exploited by an attack...

Microsoft Exchange Server Input Validation Error Vulnerability (CNVD-2025-3057284)

Microsoft Exchange Server is the United States Microsoft Microsoft company's set of e-mail service program. It provides e-mail access, storage, forwarding, voice mail, e-mail filtering and screening. A security vulnerability exists in Microsoft Exchange Server. An attacker could exploit the...