KEV NEU Microsoft CRITICAL
Microsoft Exchange Zero-Day Under Attack, No Patch Available
darkreading · · CVE-2026-42897
Key Insight
Aktive Ausnutzung einer ungepatchten Zero-Day-Schwachstelle in Microsoft Exchange ohne verfügbaren Patch deutet auf koordinierte nation-state oder APT-Kampagne hin und erfordert sofortige Mitigationsmassnahmen für betroffene Produktionsumgebungen.
Beschreibung
CVE-2026-42897 was disclosed two days after a large Patch Tuesday
Risk Score
100- cvss base
- 81.00
- kev bonus
- 20.00
- epss bonus
- 0.00
- poc bonus
- 0.00
- raw before weight
- 101.00
- industry weight
- 1.56
- freshness factor
- 1.00
- days old
- 0.00
- vendor mismatch penalty
- 0.00
Pfad: operational
MITRE ATT&CK Mapping
| Technik | Tactic | Procedure | Conf. | Quelle |
|---|---|---|---|---|
| T1190 Exploit Public-Facing Application | Initial Access | Threat actors are actively exploiting CVE-2026-42897, a zero-day vulnerability in Microsoft Exchange Server, which is a publicly accessible email server application, with no patch currently available. | high | llm |