[CIVN-2026-0241] Spoofing Vulnerability in Microsoft Exchange Server

Published On: May 19, 2026


Spoofing Vulnerability in Microsoft Exchange Server


Indian – Computer Emergency Response Team (https://www.cert-in.org.in)


Severity Rating: CRITICAL


Software Affected


Microsoft Exchange Server 2019 Cumulative Update 14

Microsoft Exchange Server 2016 Cumulative Update 23

Microsoft Exchange Server 2019 Cumulative Update 15

Microsoft Exchange Server Subscription Edition RTM

Overview


A vulnerability has been reported in Microsoft Exchange Server which could allow an unauthorized remote attacker to perform spoofing attacks on the targeted system.


Target Audience:

All end-user organizations and individuals using the Microsoft Exchange Server.


Risk Assessment:

Spoofing attacks, Information disclosure.


Impact Assessment:

Session hijacking, sensitive data exposure.


Description


This vulnerability exists in Microsoft Exchange Server due to improper neutralization of input during web page generation ('Cross-site Scripting'). An attacker could exploit this vulnerability by sending a specially-crafted request.


Successful exploitation of this vulnerability could allow an unauthorized remote attacker to perform spoofing attacks on the targeted system.


Solution


Apply appropriate security updates as mentioned:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42897



Vendor Information


Microsoft

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42897


References


Microsoft

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42897


CVE Name

CVE-2026-42897





Thanks and Regards,

CERT-In


Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax : 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS


Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003

