Microsoft Exchange Zero-Day Under Attack, No Patch Available

CVE-2026-42897 stems from a cross-site scripting (XSS) vulnerability and can allow an attacker to compromise Outlook Web Access (OWA) mailboxes.