Microsoft
Exchange Server
On-premises Microsoft email and calendaring server.
CU23 Feb26SU (15.1.2507.66)
- Release date
- February 10, 2026
- Security status
- Current version appears affected by 1 high-severity CVE.
Source
Vendor Release Information
Public release notes are linked for the latest stored release.
Release history
See the latest published releases stored for this product.
| Version | Published | Notes |
|---|---|---|
| CU23 Feb26SU (15.1.2507.66) | 2026-02-10 | Release Notes |
Vulnerability tracking
versionPing monitors CVEs for this product. Matching CVEs are listed below. We only display CVEs with a CVSS score of 7.0 or higher that were published within the last 90 days.
Affected status is inferred from published affected version ranges where available. Always verify against the vendor advisory before making production decisions.
| CVE | Severity | Published | Status | Summary |
|---|---|---|---|---|
| CVE-2026-42897 | HIGH (8.1) | 2026-05-14 | Current versionaffected | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. Affected versions
|