{"uuid": "339f21b8-b29a-44ee-80cc-46676b2a9436", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://bsky.app/profile/shortinfo.bsky.social/post/3mlydgyginn25", "content": "Microsoft confirmed active exploitation of a zero-day in on-premises Exchange Server. CVE-2026-42897 is an Outlook Web Access spoofing flaw rooted in cross-site scripting. A crafted email opened in OWA runs arbitrary JavaScript in the user session. Exchange Online is not affected.", "creation_timestamp": "2026-05-16T17:08:21.831608Z"}