{
  "title": "Microsoft Exchange CVE-2026-42897: KEV OWA Mitigation Exposure",
  "summary": "CISA added Exchange Server CVE-2026-42897 to KEV on 2026-05-15. MSRC marks exploitation detected and points to Exchange Emergency Mitigation Service mitigation ID M2 rather than a normal update table.",
  "date": "2026-05-26",
  "severity": "critical",
  "tags": [
    "microsoft-exchange",
    "cisa-kev",
    "zero-day",
    "vulnerability-response",
    "owa"
  ],
  "sources_count": 4,
  "indicators": {
    "slug": "microsoft-exchange-cve-2026-42897-kev",
    "since": "2026-05-26T00:00:00Z",
    "until": "2026-05-26T23:59:59Z",
    "ecosystem": "",
    "cves": [
      "CVE-2026-42897"
    ],
    "cwes": [
      "CWE-79"
    ],
    "advisoryIds": [],
    "products": [
      "Exchange Server OWA",
      "Exchange Server 2016",
      "Exchange Server 2019",
      "Exchange Server Subscription Edition"
    ],
    "packages": [],
    "versions": [],
    "affectedVersions": [],
    "fixedVersions": [],
    "files": [],
    "paths": [
      "Logging/MitigationService",
      "Logging/HttpProxy/Owa"
    ],
    "services": [
      "MSExchangeMitigation"
    ],
    "domains": [],
    "urls": [],
    "ips": [],
    "hashes": [],
    "processPatterns": [],
    "networkPatterns": [],
    "telemetrySelectors": [
      "Outlook Web Access",
      "OWA",
      "MitigationsApplied",
      "MitigationsBlocked",
      "M2"
    ]
  }
}