CVE-2026-42897
Actively exploited. CVE-2026-42897 is listed in the CISA Known Exploited Vulnerabilities catalog (added 2026-05-15) — exploitation has been observed in the wild, and US federal agencies are required to remediate it under BOD 22-01. Treat patching as urgent.
Public exploit code is available. Proof-of-concept or working exploit code for CVE-2026-42897 is indexed in GitHub PoC. Expect opportunistic scanning and exploitation attempts — prioritize remediation.
JPCERT-AT-2026-0017
JPCERT/CC
2026-06-10
I. Overview
Microsoft has released June 2026 Security Updates to address the vulnerabilities in their products. Attackers leveraging these vulnerabilities may be able to execute arbitrary code remotely without authentication, etc.
Microsoft Corporation
June 2026 Security Updates
https://msrc.microsoft.com/update-guide/en-US/releaseNote/2026-Jun
Microsoft has announced that the following vulnerability, disclosed on May 14, has been exploited in the wild. Please refer to the latest information provided by Microsoft and implement the measures described in "II. Solution."
CVE-2026-42897
Microsoft Exchange Server Spoofing Vulnerability
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-42897
II. Solution
Please apply the security update programs through Microsoft Update, Windows Update, etc.
Microsoft Update Catalog
https://www.catalog.update.microsoft.com/
Windows Update: FAQ
https://support.microsoft.com/en-us/help/12373/windows-update-faq
III. References
Microsoft Corporation
Release Notes
https://msrc.microsoft.com/update-guide/
If you have any information regarding this alert, please contact JPCERT/CC.
JPCERT Coordination Center (Cyber Security Coordination Group)
MAIL: ew-info@jpcert.or.jp
https://www.jpcert.or.jp/english/
CSIRTS triage
- What
- A spoofing vulnerability allows attackers to execute arbitrary code remotely without authentication.
- Who is affected
- Users of Microsoft Exchange Server are affected.
- Urgency
- Remediation is urgent as the vulnerability has been exploited in the wild.
- Action
- Apply the security update programs through Microsoft Update.
AI-assisted analysis generated from the source advisory — verify against the original.
⚡ Watch CVE-2026-42897
Get an email if CVE-2026-42897 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.
Exploitation outlook
- Exploitation confirmedAlready exploited in the wild (CISA KEV) — the prediction phase is over. Patch now. Riskier than 92% of all EPSS-scored CVEs.
Exploit availability
Public exploit or proof-of-concept code for CVE-2026-42897 is indexed in these free datasets. Available exploit code raises real-world risk independent of the CVSS score.
- GitHub PoCPublic proof-of-concept repositories on GitHub reference this CVE.look it up ↗
Advisory coverage (4)
- critical[UPDATE] [critical] Microsoft Windows products: Multiple vulnerabilitiescert-bund · 2026-07-09
- unknownexploitedSecurity Alert: Microsoft Releases June 2026 Security Updatesjpcert · 2026-06-10
- unknownexploited[Update] Vulnerability in Microsoft Exchange Server (May 15, 2026)cert-fr-alerte · 2026-05-15
- criticalexploitedCVE-2026-42897: Microsoft Exchange Server Cross-Site Scripting Vulnerabilitycisa-kev · 2026-05-15
External references
Embed the live status
— this badge updates automatically when the KEV or exploit status changes. How to embed it →
[](https://www.csirts.com/cve/CVE-2026-42897)