Microsoft warns of Exchange zero-day flaw exploited in attacks

Friday, May 15, 2026 at 09:40 AM UTC·Source: BleepingComputer

Updated: Friday, May 15, 2026 at 10:00 AM UTC

Executive Summary

On Thursday, Microsoft shared mitigations for a high-severity Exchange Server vulnerability exploited in attacks that allow threat actors to execute arbitrary code via cross-site scripting (XSS) while targeting Outlook on the web users. [...]

Analysis

Source Attribution

Originally published by BleepingComputer on May 15, 2026.

Related Threats

CRITICALZero Day

New Cisco SD-WAN Zero-Day Grants Admin Access

<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/new-cisco-sd-wan-zero-day-grants-admin-access-image_small-6-a-31708.jpg" align=right hspace=4><b>Broken vdaemon Peering Authentication Enables Unauthenticated Admin Access</b><br>A maximum-severity vulnerability in Cisco Catalyst SD-WAN Controller is being actively exploited, giving attackers administrative privileges without auth

1d agoBank Info Security

CRITICALZero Day

Exchange Server zero-day vulnerability can be triggered by opening a malicious email

A newly discovered zero-day vulnerability in Microsoft Exchange Server has experts declaring an emergency and urging CSOs to think about the need to abandon on-premises email solutions. “Because it’s already being exploited in the wild, this isn’t a ‘patch next week situation; it’s a ‘mitigate right now’ emergency,” warned Rob Enderle of the Enderle Group. “This is another reminder to find a trust

CVE-2026-42897

1d agoCSO Online

CRITICALZero Day

Microsoft Exchange, Windows 11 hacked on second day of Pwn2Own

During the second day of Pwn2Own Berlin 2026, competitors collected $385,750 in cash awards after exploiting 15 unique zero-day vulnerabilities in multiple products, including Windows 11, Microsoft Exchange, and Red Hat Enterprise Linux for Workstations. [...]

1d agoBleepingComputer