- Description
- Heap-based buffer overflow in Microsoft Windows DNS allows an unauthorized attacker to execute code over a network.
- Source
- secure@microsoft.com
- NVD status
- Analyzed
- Products
- windows_11_23h2, windows_11_24h2, windows_11_25h2, windows_11_26h1, windows_server_2022_23h2, windows_server_2025
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- secure@microsoft.com
- CWE-122
- Hype score
- Not currently trending
New critical flaws: Exchange zero-day (CVE-2026-42897) actively exploited, Windows DNS Client RCE (CVE-2026-41096), & Cisco SD-WAN auth bypass (CVE-2026-20182). These threaten data privacy/integrity in transit. Patch NOW! #Cybersecurity #ZeroDay #News
@YourAnon_irc
15 May 2026
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
May 2026 Patch Tuesday: no zero-days for once. But CVE-2026-41089 (Netlogon, CVSS 9.8) = unauthenticated RCE on domain controllers. CVE-2026-41096 (DNS Client, CVSS 9.8) = every Windows machine. PoC code typically follows within days. Patch this week. #CyberSecurity https://t
@DIESEC_GmbH
15 May 2026
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft、定例パッチで危険な脆弱性を修正(CVE-2026-41089・CVE-2026-41096・CVE-2026-41103) - 合同会社ロケットボーイズ https://t.co/VosZIxjncz @GoogleNewsより
@CreatorRuru
14 May 2026
60 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft、定例パッチで危険な脆弱性を修正(CVE-2026-41089・CVE-2026-41096・CVE-2026-41103) https://t.co/if7T1McADS #セキュリティ対策Lab #security #securitynews
@securityLab_jp
14 May 2026
131 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2026-21510 2 - CVE-2026-46300 3 - CVE-2026-41096 4 - CVE-2026-0300 5 - CVE-2026-34263 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
14 May 2026
128 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Critical vulnerability in Windows DNS service leaks to unauthenticated RCE by exploiting heap based buffer overflow remotely. Marked as CVE-2026-41096. Advisory: https://t.co/JBJJOEiD9E. #cve #critical #vulnerability https://t.co/NX8HcJWMvb
@triunedigisec
14 May 2026
45 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2026-41096: ‼️🚨 Microsoft has patched a critical Windows DNS Client remote code execution vulnerability that allows an unauthorized attacker to execute code over a network. All it takes is a malicious DNS response. The vulnerability is tracked as CVE-2026-41096 with a
@lyrie_ai
14 May 2026
26 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
🚨 Alertes sécurité CVE-2026-41089 et CVE-2026-41096 sur Windows 🚨 Des failles Windows permettent l'exécution de code à distance via le réseau, impactant prioritairement les serveurs Active Directory. https://t.co/GXh3dBpG7E
@LoginSecurite
13 May 2026
43 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 Microsoft Patch Tuesday May 2026 fixes 138 vulnerabilities ⚠️ Critical flaws include: 🔥 CVE-2026-41096 🔥 CVE-2026-41089 Patch immediately — especially domain controllers & internet-facing systems. 🔗 https://t.co/CChfZZbxnK #CyberSecurity #PatchTuesday
@vulert_official
13 May 2026
42 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Windows Client (11) and Server (2022 &2025) OS have a 9.8 (Critical) Windows DNS Client Remote Code Execution vulnerability (CVE-2026-41096) that allows an unauthorized attacker to execute code over a network
@SirMwangala
13 May 2026
117 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
2026年5月ぱっちちゅーずでーまとめ ◆Microsoft https://t.co/32GkHwPEhg CVE-2026-42898 Microsoft Dynamics 365 オンプレミスのリモートでコードが実行される脆弱性 CVE-2026-42823 Azure Logic Apps の特権昇格の脆弱性 CVE-2026-41096 Windows
@taku888infinity
13 May 2026
898 Impressions
0 Retweets
2 Likes
1 Bookmark
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "D039A905-2FE4-4A10-85BF-175947E6A017",
"versionEndExcluding": "10.0.22631.7079",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "4904DDBD-B183-4AA2-ABD6-47BAF1A28861",
"versionEndExcluding": "10.0.22631.7079",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "048AD3CD-DD62-4B62-9302-61779D998B4A",
"versionEndExcluding": "10.0.26100.8390",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "3682F4DD-0870-4E39-B75E-649C89BB1E08",
"versionEndExcluding": "10.0.26100.8390",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "C2C93D38-DFD7-4DE1-95B8-6D73E4A545D6",
"versionEndExcluding": "10.0.26200.8390",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "05EB89A0-2ADD-4B67-A644-41FE1DE69E4A",
"versionEndExcluding": "10.0.26200.8390",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "D45A5D2F-E058-4033-B184-BAE224FC1CEA",
"versionEndExcluding": "10.0.28000.2113",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "5127F350-9271-4B74-84E0-D7E5D2D5640E",
"versionEndExcluding": "10.0.28000.2113",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E3F26150-16EA-4D34-8BE9-2EE7C745D707",
"versionEndExcluding": "10.0.25398.2330",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9ABAB3B9-28AF-4278-8E78-E1191B1AFC0C",
"versionEndExcluding": "10.0.26100.32772",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]