M365 Change Tracker

← All changes · security · CVE-2026-42897

CVE-2026-42897CriticalImmediate

Microsoft Exchange Server Spoofing Vulnerability

Severity Critical  ·  Urgency Immediate  ·  Exploited in the wild

Why it matters: Exploited in the wild — CISA fix-by 2026-05-29

Spoofing · Critical · CVSS 8.1 · Exploited in the wild. Affects: Exchange Server.

CVSS 8.1EPSS 5.6%Exploited in the wildCISA remediation due 2026-05-29 (passed 25d ago)Update published 2026-06-23Source updated 2026-06-23NVDCISA KEV

Affected: Exchange Server

Change history

2026-06-23 · First seen

View at Microsoft →