CISA has added CVE-2026-42897, a Cross-Site Scripting (XSS) vulnerability in Microsoft Exchange Server, to its Known Exploited Vulnerabilities (KEV) Catalog due to evidence of active exploitation. Organizations are strongly urged to prioritize remediation of this flaw to reduce exposure to cyberattacks.