Microsoft Exchange Zero-Day CVE-2026-42897 Exploited in the Wild
Microsoft has disclosed a new zero-day vulnerability in on-premise versions of Exchange Server, identified as CVE-2026-42897. This flaw is actively exploited via crafted emails, allowing attackers to execute arbitrary code remotely. The vulnerability affects multiple versions of Exchange Server, necessitating immediate attention to apply mitigations provided by Microsoft. This incident underscores the critical need for prompt patching and monitoring of Exchange environments to prevent unauthorized access and potential data breaches.