msrc_CVE-2026-42897

Risk Scores

Exploit Intelligence

• CVE-2026-42897 - Exchange Health Checker blind spot: outbound IIS URL Rewrite rules silently ignored, making EOMT mitigations invisible in diagnostic reports. (github-poc-repo)
• CVE-2026-42897 - Exchange Health Checker blind spot: outbound IIS URL Rewrite rules silently ignored, making EOMT mitigations invisible in diagnostic reports. (github-poc)
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42897 (circl)
• https://msrc.microsoft.com/csaf/advisories/2026/msrc_cve-2026-42897.json (circl)
• https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1 (circl)
• https://support.microsoft.com/lifecycle (circl)
• https://www.first.org/cvss (circl)
• feed.xml (github-poc)

Timeline

• May 12, 2026 CVE Published
• May 14, 2026 CVE Updated
• May 15, 2026 Security Advisory
• May 15, 2026 Security Advisory

References

• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42897 advisory
• https://msrc.microsoft.com/csaf/advisories/2026/msrc_cve-2026-42897.json advisory
• https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1 url
• https://support.microsoft.com/lifecycle url
• https://www.first.org/cvss url