Stack-based Buffer Overflow in Windows Netlogon Affects Microsoft Products
CVE-2026-41089

9.8CRITICAL

Key Information:

Vendor

Microsoft
Status
Windows Server 2012
Windows Server 2012 (server Core Installation)
Windows Server 2012 R2
Windows Server 2012 R2 (server Core Installation)
Vendor
CVE Published:
12 May 2026

Badges

📈 Score: 587👾 Exploit Exists🟡 Public PoC📰 News Worthy

What is CVE-2026-41089?

CVE-2026-41089 is a critical vulnerability identified in the Windows Netlogon protocol, which is a core service responsible for managing user authentication and security within Microsoft environments. This vulnerability manifests as a stack-based buffer overflow, allowing unauthorized attackers to exploit it to execute arbitrary code remotely over a network. The consequences of this flaw can be severe, as it may allow malicious actors to gain unauthorized access to systems, potentially leading to complete control over affected devices and their networks. Organizations relying on Microsoft products that utilize the Netlogon protocol are particularly susceptible, as the compromise of authentication mechanisms can lead to significant security breaches and loss of sensitive data.

Potential impact of CVE-2026-41089

  1. Unauthorized Code Execution: The vulnerability can be manipulated by attackers to execute malicious code on affected systems, enabling them to bypass security measures and gain unauthorized access.

  2. Network Compromise: Successful exploitation may lead to broader network access, allowing an attacker to move laterally within a compromised environment and potentially escalate privileges.

  3. Data Breach Risks: With control over critical systems, attackers can exfiltrate sensitive data, leading to potential financial loss, reputational damage, and regulatory non-compliance for organizations.

Affected Version(s)

Windows Server 2012 (Server Core installation) x64-based Systems 6.2.9200.0 < 6.2.9200.26079

Windows Server 2012 R2 (Server Core installation) x64-based Systems 6.3.9600.0 < 6.3.9600.23181

Windows Server 2012 R2 x64-based Systems 6.3.9600.0 < 6.3.9600.23181

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2026-41089
Created by hnytgl

CVE-2026-41089
Created by 0xABCD01

News Articles

favicon imageNotebookcheck

Windows Netlogon CVE-2026-41089 exploited: Priority patch needed

CVE-2026-41089, a critical Windows Netlogon flaw rated CVSS 9.8, is now actively exploited. Unpatched domain controllers face full SYSTEM-level compromise with no credentials needed.

2 days ago

favicon imageOnmsft

Critical Windows Netlogon Bug CVE-2026-41089 Now Exploited in the Wild

Belgium’s cybersecurity agency warns attackers are actively exploiting the critical Windows Netlogon vulnerability CVE-2026-41089.

2 days ago

favicon imageSecurityweek

Critical Windows Netlogon Vulnerability in Attackers’ Crosshairs

Hackers are exploiting a critical-severity Windows Netlogon vulnerability (CVE-2026-41089) for remote code execution.

3 days ago

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...
vendor-advisorypatch

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • 📰

    First article discovered by BleepingComputer

  • Vulnerability published

  • Vulnerability Reserved

.