AI description
CVE-2026-41089 is identified as a stack-based buffer overflow vulnerability affecting Windows Netlogon, a service and protocol crucial for authentication and security within a Windows domain environment. This flaw can be exploited by an attacker who sends a specially crafted network request to a Windows server functioning as a domain controller. Successful exploitation of CVE-2026-41089 could allow an unauthorized attacker to execute code over a network without requiring prior authentication or access. Microsoft disclosed and provided patches for this vulnerability on May 12, 2026, acknowledging its Windows Attack Research & Protection (WARP) team for the discovery. The Centre for Cybersecurity Belgium (CCB) has since issued warnings about active exploitation of this vulnerability in the wild.
- Description: Stack-based buffer overflow in Windows Netlogon allows an unauthorized attacker to execute code over a network.
- Source: secure@microsoft.com
- NVD status: Analyzed
- Products: windows_server_2012, windows_server_2016, windows_server_2019, windows_server_2022, windows_server_2022_23h2, windows_server_2025
CVSS 3.1
- Type: Primary
- Base score: 9.8
- Impact score: 5.9
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: CRITICAL
- secure@microsoft.com: CWE-121
- Hype score: Not currently trending
# Windows Netlogon CVE-2026-41089 Military-Grade Exploit Kit **LEGENDARY Unauthenticated Stack Buffer Overflow RCE for Domain Controllers.** CVE-2026-41089 **Military-grade exploitation engine:** - ✅ CLDAP overflow packet generation - ✅ Shellcode injection (reverse shell +
@YogSoth0
10 Jun 2026
✨ CVE-2026-20245 and CVE-2026-41089: Cisco SD-WAN zero-day and Netlogon RCE under active attack. Read the blog: https://t.co/ox4yzYugBW https://t.co/eYCip6WhVz
@nuke86
10 Jun 2026
https://t.co/eED8FsZ8zL Critical actively exploited Vuln. - CVE-2026-41089 – Windows Server Netlogon Privilege Escalation - CVE-2026-41091 – Microsoft Defender Privilege Escalation - CVE-2026-45498 – Microsoft Defender Denial of Service
@Mahendrak29
9 Jun 2026
CVE-2026-41089. Source: X search for CVE-2026 critical Posted: 2026-05-22T08:43:15.000Z Likes: 10
@lyrie_ai
7 Jun 2026
🚨 Windows Netlogon 0-Click RCE Vulnerability (CVE-2026-41089) Is Being Actively Exploited! https://t.co/rWxiGMaPJ6 via @LinkedIn
@AturcDestek
6 Jun 2026
The Belgian cybersecurity centre warns of active attacks on the #Netlogon vulnerability CVE-2026-41089. Admins must patch Active Directory. https://t.co/vAG6RIEbJU
@it__security
6 Jun 2026
2026 POC REPORT CVE-2026-41089 WinNetlogon RCE PoC: https://t.co/22dqVfDXKx CVE-2026-31431 K8s Escape PoC: https://t.co/hecVZZEAFH CVE-2026-3854 GitHub RCE PoC: https://t.co/U0pmzvzvs6 CVE-2026-42897 Exchange XSS src: https://t.co/GKt5HlN8Gf
@AlikBurton
5 Jun 2026
⚠️ A remote code execution vulnerability in Netlogon allows takeover of the domain controller without authentication, and is under active exploitation. ID: CVE-2026-41089 Severity: 9.8 (CVSS) - Critical Versions
@KasperskyDev
3 Jun 2026
🚨 Windows Netlogon: the next ZeroLogon? The Centre for Cybersecurity Belgium (CCB) has confirmed active exploitation of CVE-2026-41089. Critical RCE on every Windows Server 2022/2025 Domain Controller. Pre-auth. Zero-click. CVSS 9.8. Thread 👇
@diempiga
2 Jun 2026
🚨 Windows Netlogon: the next ZeroLogon? The Centre for Cybersecurity Belgium (CCB) has confirmed active exploitation of CVE-2026-41089. Critical RCE on every Windows Server 2022/2025 Domain Controller. Pre-auth. Zero-click. CVSS 9.8. Thread
@diempiga
2 Jun 2026
Windows Netlogon remote code execution (RCE) is being exploited, putting domain controllers at risk (CVE-2026-41089) Windows Netlogon RCE exploited, domain controllers at risk (CVE-2026-41089) #HelpNetSecurity (Jun 1) https://t.co
@foxbook
2 Jun 2026
VPNs, domain controllers and hotel terminals in active use. Today was the day those "names everyone knows" all got hit at once. ・PAN-OS GlobalProtect authentication bypass, CVE-2026-0257 added to KEV ・Windows Netlogon RCE, CVE-2026-41089
@boss_sec_labo
1 Jun 2026
The CVE-2026-41089 Netlogon vulnerability has surfaced, and most companies still run their domain controllers with default settings. Microsoft's 1.499,90₺ Server 2025 Standard edition includes the patch, but is the patch enough, or does the architecture need to change? htt
@KeySofti
1 Jun 2026
Windows Netlogon RCE exploited, domain controllers at risk (CVE-2026-41089): CVE-2026-41089, a critical Windows Netlogon RCE flaw that allows remote code execution, is now actively exploited in the wild, the Centre for Cybersecurity Belgium (CCB) warned… https://t.co/fBrCootGk0
@shah_sheikh
1 Jun 2026
CVE-2026-41089: unauthenticated RCE on domain controllers via Netlogon buffer overflow. CVSS 9.8, hits all supported Windows Server including 2025. SYSTEM on a DC = full AD. Now actively exploited - Belgium CCB confirmed today. Patch now, isolate Netlogon RPC. https://t.co/IgDjUv
@PurpleOps_io
1 Jun 2026
Windows Netlogon Remote Code Execution Vulnerability CVE: CVE-2026-41089 PT ID: PT-2026-40234 Vendor: Microsoft Product: Windows Server 2012 CVSS: 9.8 Credits: n/a Description: Stack-based buffer overflow in Windows Netlogon allows an unauthorized attacker to execute code over
@ptdbugs
1 Jun 2026
⚠️ A critical vulnerability in the authentication service on the domain controller allows remote code execution without authentication. ID: CVE-2026-41089 Severity: 9.8 (CVSS) - Critical Affected product: Windows Server 2012
@KasperskyDev
29 May 2026
Micropatches released for Windows Netlogon Remote Code Execution Vulnerability (CVE-2026-41089) https://t.co/SReMea98XS May 2026 Windows Updates brought a patch for CVE-2026-41089, a remotely exploitable issue on Windows Server acting as a domain controller. Under certain c…
@f1tym1
26 May 2026
Critical 9.8 RCE in Windows Netlogon — CVE-2026-41089. Stack buffer overflow, no auth needed, fully network-exploitable. Affects Server 2012 through 2025. Patch now. #WindowsServer #PatchTuesday https://t.co/ucA8fqRD84
@SecAlertsCo
25 May 2026
Top 5 Trending CVEs: 1 - CVE-2025-55182 2 - CVE-2016-5195 3 - CVE-2026-20223 4 - CVE-2026-41940 5 - CVE-2026-41089 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
23 May 2026
🚨 May Microsoft Patch Tuesday: 119 vulns, 1 public exploit 🔥 EoP Windows Kernel (CVE-2026-40369); RCE DNS Client (CVE-2026-41096), Netlogon DC RCE (CVE-2026-41089), TCP/IP UAF (CVE-2026-40415) #PatchTuesday #Microsoft #Windows #AD #Vulristics ➡️ https://t.co/A8REynPvse
@leonov_av
19 May 2026
Top 5 Trending CVEs: 1 - CVE-2026-41089 2 - CVE-2023-38606 3 - CVE-2020-17103 4 - CVE-2026-46333 5 - CVE-2026-20182 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
18 May 2026
Top 5 Trending CVEs: 1 - CVE-2026-42945 2 - CVE-2026-46333 3 - CVE-2020-17103 4 - CVE-2026-41089 5 - CVE-2026-42897 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
17 May 2026
Patch Tuesday May 2026: Microsoft fixes 130+ CVEs. CVE-2026-41089 (Netlogon RCE, CVSS 9.8) critical. Hyper-V guest-to-host escalation (CVSS 9.3). SAP: SQL injection in S/4HANA (CVSS 9.6). F5 BIG-IP: Config Utility (CVSS 8.8). Patch immediately! #PatchTuesday #CVE #Security https:/
@wall_your_x
16 May 2026
May 2026 Patch Tuesday: no zero-days for once. But CVE-2026-41089 (Netlogon, CVSS 9.8) = unauthenticated RCE on domain controllers. CVE-2026-41096 (DNS Client, CVSS 9.8) = every Windows machine. PoC code typically follows within days. Patch this week. #CyberSecurity https://t
@DIESEC_GmbH
15 May 2026
Microsoft fixes dangerous vulnerabilities in its regular patch release (CVE-2026-41089, CVE-2026-41096, CVE-2026-41103) - 合同会社ロケットボーイズ https://t.co/VosZIxjncz via @GoogleNews
@CreatorRuru
14 May 2026
Microsoft fixes dangerous vulnerabilities in its regular patch release (CVE-2026-41089, CVE-2026-41096, CVE-2026-41103) https://t.co/if7T1McADS #セキュリティ対策Lab #security #securitynews
@securityLab_jp
14 May 2026
PATCH NOW: CVE-2026-41089 — Windows Netlogon stack overflow CVSS 9.8 | Unauthenticated RCE on domain controllers May 2026 Patch Tuesday — 16 Critical CVEs Netlogon vulns weaponized fast (cf. Zerologon) #ThreatIntel #CVE #CVE202641089 #ZeroDay
@NoctisIntel
13 May 2026
TRC analysis shows attackers chaining CVE-2026-41089 and CVE-2026-41103 to move from Windows Netlogon compromise to Jira/Confluence takeover. The attack path demonstrates how SSO plugin vulnerabilities enable broad lateral movement across development infrastructure. Runtime
@aviatrixtrc
13 May 2026
🚨 Security alerts CVE-2026-41089 and CVE-2026-41096 on Windows 🚨 Windows flaws allow remote code execution over the network, primarily affecting Active Directory servers. https://t.co/GXh3dBpG7E
@LoginSecurite
13 May 2026
🚨 Microsoft Patch Tuesday May 2026 fixes 138 vulnerabilities ⚠️ Critical flaws include: 🔥 CVE-2026-41096 🔥 CVE-2026-41089 Patch immediately — especially domain controllers & internet-facing systems. 🔗 https://t.co/CChfZZbxnK #CyberSecurity #PatchTuesday
@vulert_official
13 May 2026
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "71D026B8-B196-4369-9AB3-5FCA21E8AA36",
"versionEndExcluding": "10.0.14393.9140",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C1926806-B15D-4AF1-967A-7ADA71FF74DC",
"versionEndExcluding": "10.0.17763.8755",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "10060868-96D5-47E4-8FEB-80A79DCC1134",
"versionEndExcluding": "10.0.20348.5074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E3F26150-16EA-4D34-8BE9-2EE7C745D707",
"versionEndExcluding": "10.0.25398.2330",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9ABAB3B9-28AF-4278-8E78-E1191B1AFC0C",
"versionEndExcluding": "10.0.26100.32772",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]