CISA Adds One Known Exploited Vulnerability to Catalog
Summary
CISA has added CVE-2026-42897, a Microsoft Exchange Server Cross-Site Scripting vulnerability, to its Known Exploited Vulnerabilities (KEV) Catalog. This addition is based on evidence of active exploitation and highlights the ongoing risks posed by such vulnerabilities to government entities and other organizations.
IFF Assessment
The addition of an actively exploited vulnerability to the Known Exploited Vulnerabilities catalog is bad news for defenders because it indicates an immediate threat that needs remediation.
Severity
Cross-Site Scripting vulnerabilities in widely used server software like Microsoft Exchange can be easily exploited by attackers, allowing them to inject malicious scripts into web pages viewed by other users, potentially leading to session hijacking, credential theft, or further system compromise.
CISA KEV: Listed as actively exploited. Federal patch due: May 29, 2026. Known ransomware use: Unknown.
Defender Context
Defenders should prioritize patching or mitigating CVE-2026-42897 immediately, especially if they use Microsoft Exchange Server. The inclusion in CISA's KEV catalog signifies active exploitation, meaning attackers are likely already leveraging this flaw. Organizations should review their vulnerability management programs to ensure they are effectively tracking and remediating vulnerabilities listed in the KEV catalog.
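One way to operationalise that last recommendation, as an added example that is not part of this advisory: a small Python check that matches a KEV feed against a product inventory and flags entries by their federal due date. The feed URL in the comment is CISA's real JSON feed; the sample feed content is constructed, with the first record built from the values in this advisory and the second a placeholder.

```python
import json
from datetime import date

# Constructed sample shaped like CISA's KEV JSON feed
# (https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json).
# Field names match the real feed. The first record's CVE, product and due date
# come from the advisory above; its dateAdded and the whole second record are
# placeholders made up for this example.
SAMPLE_KEV_FEED = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-2026-42897", "vendorProject": "Microsoft", "product": "Exchange Server",
     "vulnerabilityName": "Microsoft Exchange Server Cross-Site Scripting Vulnerability",
     "dateAdded": "2026-05-08", "dueDate": "2026-05-29", "knownRansomwareCampaignUse": "Unknown"},
    {"cveID": "CVE-0000-00000", "vendorProject": "ExampleVendor", "product": "ExampleProduct",
     "vulnerabilityName": "Placeholder entry", "dateAdded": "2026-01-01",
     "dueDate": "2026-01-22", "knownRansomwareCampaignUse": "Known"},
]})


def kev_matches(feed_json, inventory, today):
    """Return KEV entries whose vendor/product pair appears in `inventory`.

    `inventory` is a set of lower-cased "vendor product" strings the organisation
    runs; `today` is a datetime.date used to compute remediation deadlines.
    Results are sorted so the earliest due date (most urgent) comes first.
    """
    feed = json.loads(feed_json)
    matches = []
    for entry in feed["vulnerabilities"]:
        key = f"{entry['vendorProject']} {entry['product']}".lower()
        if key not in inventory:
            continue
        due = date.fromisoformat(entry["dueDate"])
        matches.append({
            "cveID": entry["cveID"],
            "name": entry["vulnerabilityName"],
            "dueDate": entry["dueDate"],
            "days_until_due": (due - today).days,  # negative once overdue
            "overdue": today > due,
            "ransomware": entry["knownRansomwareCampaignUse"],
        })
    return sorted(matches, key=lambda m: m["dueDate"])


if __name__ == "__main__":
    for m in kev_matches(SAMPLE_KEV_FEED, {"microsoft exchange server"}, date.today()):
        flag = "OVERDUE" if m["overdue"] else f"{m['days_until_due']} days left"
        print(f"{m['cveID']}: {m['name']} (due {m['dueDate']}, {flag})")
```

Replace SAMPLE_KEV_FEED with the downloaded feed and the inventory set with your CMDB export to run this against live data.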