Stack-based Buffer Overflow in Windows Netlogon Affects Microsoft Products
CVE-2026-41089

9.8CRITICAL

Key Information:

Vendor: Microsoft
Status: Windows Server 2012; Windows Server 2012 (server Core Installation); Windows Server 2012 R2; Windows Server 2012 R2 (server Core Installation)
Vendor: CVE Published:; 12 May 2026

What is CVE-2026-41089?

A stack-based buffer overflow vulnerability in Windows Netlogon permits an unauthorized attacker to execute arbitrary code over a network. This flaw may allow attackers to compromise systems by sending specially crafted requests to the affected service, leading to potential system control and data manipulation. Updating to the latest software versions is critical to mitigate this risk.

Affected Version(s)

Windows Server 2012 (Server Core installation) x64-based Systems 6.2.9200.0 < 6.2.9200.26079

Windows Server 2012 R2 (Server Core installation) x64-based Systems 6.3.9600.0 < 6.3.9600.23181

Windows Server 2012 R2 x64-based Systems 6.3.9600.0 < 6.3.9600.23181

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisorypatch

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 12, 2026
Vulnerability Reserved
Apr 16, 2026

CVE-2026-41089 Data

JSON