inline image
1 Topic
OWA inline CID images still not displayed – EEMS mitigation side effect persists?
Environment: Exchange Server Subscription Edition (SE), RTM Jun26SU installed (all updates current as of June 2026) On-premises, Windows Server 2019 OWA tested in Chrome, Edge, Firefox – all including InPrivate/Incognito mode Issue: Since approximately May 14–15, 2026 (coinciding with the EEMS mitigation rollout for CVE-2026-42897), inline CID-referenced images in emails are no longer displayed in OWA. Instead, OWA replaces them with a transparent 1×1 GIF placeholder (a data-URI containing a blank GIF image). Microsoft Support confirmed this is a known side effect of the EEMS mitigation for CVE-2026-42897. We expected the June 2026 Security Update (KB5094139) to resolve this – but the problem persists even after installation. Test results: Method OWA Outlook Desktop Thunderbird External HTTPS image ✅ Visible ✅ Visible ✅ Visible Base64 embedded image ❌ Not visible ✅ Visible ✅ Visible CID inline image ❌ Not visible (blank placeholder) ✅ Visible ✅ Visible What we confirmed: Affects all users, all browsers, all devices, all networks Affects newly created mailboxes as well The blank placeholder is injected server-side by OWA Problem started exactly with the EEMS mitigation rollout (~May 14, 2026) June 2026 SU (KB5094139) installed – problem still present Microsoft Support has been engaged for 5+ weeks without resolution Questions: Has anyone else confirmed that the June 2026 SU does not fix the OWA inline image rendering issue? Is there a known follow-up fix or hotfix planned specifically for this side effect? Has anyone found a working workaround that does not involve disabling Extended Protection? Any feedback from the Exchange product team or other admins would be greatly appreciated.Solved122Views0likes2Comments