tldrdailynews.com logo
Tag

Cve 2026 42897

All articles tagged with #cve 2026 42897

Week in Security: Exchange Zero-Day Exploited, NPM Worm Surges, and AI Supply-Chain Risks
cybersecurity9 days ago

Week in Security: Exchange Zero-Day Exploited, NPM Worm Surges, and AI Supply-Chain Risks

This weekly security roundup highlights rapid, multi-vector threats: on-prem Microsoft Exchange is being exploited via CVE-2026-42897 (spoofing/XSS), Cisco’s SD-WAN Controller faces active exploitation from CVE-2026-20182, and a TeamPCP‑driven wave poisons TanStack npm packages as part of a larger supply-chain campaign. The era of fake AI repos delivering stealer malware continues (Open-OSS/privacy-filter on Hugging Face). AI-assisted vulnerability discovery is accelerating with OpenAI’s Daybreak and Microsoft MDASH, alongside other notable findings (ransomware deals, new CVEs, and cross‑platform E2EE deployments). The takeaway: patch early, rotate keys, and assume software supply chains are compromised.

via The Hacker News|
#cve-2026-42897#cybersecurity#exchange
Exchange zero-day exploited in XSS attacks prompts rapid mitigations ahead of patches
security11 days ago

Exchange zero-day exploited in XSS attacks prompts rapid mitigations ahead of patches

Microsoft warns of a spoofing vulnerability in Exchange Server (CVE-2026-42897) that attackers can exploit via cross-site scripting to run arbitrary JavaScript in Outlook on the Web; patches aren’t yet available, but the Exchange Emergency Mitigation Service (EEMS) can automatically shield on-premises servers, with guidance to enable it now and an option to use the Exchange On-Premises Mitigation Tool (EOMT) for air-gapped networks. Mitigations may disrupt OWA features (calendar printing, inline images) and some OWA modes, and patches are planned for SE RTM and specific CU releases, though 2016/2019 updates may be limited to ESU Period 2. CISA/NSA previously highlighted widely exploited Exchange flaws and guidance to harden servers.

via BleepingComputer|
#cve-2026-42897#exchange-server#mitigations
On-Prem Exchange Exploit Targets Crafted Emails With CVE-2026-42897
technology12 days ago

On-Prem Exchange Exploit Targets Crafted Emails With CVE-2026-42897

Microsoft warns that on-premises Exchange Server is being actively exploited for CVE-2026-42897, a cross-site scripting spoofing flaw that can let an attacker run arbitrary JavaScript when a user opens a crafted email in Outlook Web Access under certain interactions; affected products are Exchange 2016, 2019, and SE (any update), while Exchange Online is not impacted. Mitigations are provided via the Exchange Emergency Mitigation Service (URL rewrite) and the on-prem EOMT tool for manual deployment; air-gapped environments can apply the per-server or all-servers script. A cosmetic issue may show 'Mitigation invalid for this exchange version' but the mitigation is still applicable. No details on who is exploiting or the scope are available; admins are advised to apply the mitigations promptly.

via The Hacker News|
#cross-site-scripting#cve-2026-42897#exchange-emergency-mitigation-service