- Description
- Heap-based buffer overflow in Microsoft Windows DNS allows an unauthorized attacker to execute code over a network.
- Source
- secure@microsoft.com
- NVD status
- Analyzed
- Products
- windows_11_23h2, windows_11_24h2, windows_11_25h2, windows_11_26h1, windows_server_2022_23h2, windows_server_2025
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- secure@microsoft.com
- CWE-122
- Hype score
- Not currently trending
Critical RCE in Windows DNS Client (CVE-2026-41096) & XQUIC protocol manipulation (CVE-2026-6328) threaten data privacy & integrity in transit. DNS cache poisoning also reported in dnsmasq. Patch now! #Cybersecurity #Vulnerabilities #DNS
@YourAnon_irc
8 Jun 2026
57 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Cisco SD-WAN (CVE-2026-20245) & Unified CM (CVE-2026-20230) actively exploited. Windows DNS Client RCE (CVE-2026-41096) & Oracle WebLogic Proxy (CVE-2026-21962) pose critical risks. Data privacy & integrity in transit are at stake. #Cybersecurity #News
@YourAnon_irc
5 Jun 2026
77 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
GitHub - TwoSevenOneT/CVE-2026-41096-Attack-Surface: Attack surface in the real-world environment of CVE-2026-41096 · GitHub - https://t.co/n6JtN7YxF7
@piedpiper1616
4 Jun 2026
232 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
Recent alerts: Palo Alto Networks PAN-OS (CVE-2026-0257) has an auth bypass, impacting network integrity. DNS Client (CVE-2026-41096) RCE via crafted DNS poses data privacy & integrity risks. Patch urgently! #Cybersecurity #News #Vulnerabilities
@YourAnon_irc
30 May 2026
68 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2026-5426 2 - CVE-2023-29218 3 - CVE-2026-2031 4 - CVE-2026-41096 5 - CVE-2024-53141 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
26 May 2026
145 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
A critical Windows DNS Client RCE (CVE-2026-41096) and an actively exploited Exchange Server zero-day (CVE-2026-42897) threaten data privacy/integrity in transit. Patch urgently. #Cybersecurity #Vulnerabilities #News
@YourAnon_irc
21 May 2026
74 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Recent DNS DoS and Windows DNS RCE (CVE-2026-41096) expose transit data via network code execution. A Cisco SD-WAN zero-day (CVE-2026-20182) also risks integrity/privacy in transit. Patch now! #Cybersecurity #NetSec #Vulnerabilities
@YourAnon_irc
21 May 2026
69 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft's May 2026 Patch Tuesday includes a Critical Windows DNS Client RCE (CVE-2026-41096). Unauth. code execution via crafted DNS responses threatens network security & data integrity in transit. Patch now! #Cybersecurity #DNS #News
@YourAnon_irc
20 May 2026
56 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 May Microsoft Patch Tuesday: 119 vulns, 1 public exploit 🔥 EoP Windows Kernel (CVE-2026-40369); RCE DNS Client (CVE-2026-41096), Netlogon DC RCE (CVE-2026-41089), TCP/IP UAF (CVE-2026-40415) #PatchTuesday #Microsoft #Windows #AD #Vulristics ➡️ https://t.co/A8REynPvse
@leonov_av
19 May 2026
99 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ CVE-2026-41096: New Windows DNS Vulnerability https://t.co/sNH5Msf9E9 A critical Windows DNS Client flaw, CVE-2026-41096, could let attackers run code by sending a malicious DNS response to a normal network query. Microsoft says exploitation is unlikely, but the attack
@dnsaudit
18 May 2026
132 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical exploits (May 16): Exchange (CVE-2026-42897), SD-WAN (CVE-2026-20182) & DNS (CVE-2026-41096) severely threaten data privacy/integrity in transit. NGINX QUIC/SSL flaws deepen risks. #Cybersecurity #Vulnerabilities #News
@YourAnon_irc
17 May 2026
108 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
New zero-days hit Microsoft Exchange (XSS/spoofing, CVE-2026-42897) & Windows DNS Client (RCE, CVE-2026-41096), plus Exim MTA (RCE, CVE-2026-45185). Critical for data privacy & integrity in transit. Patch ASAP! #Cybersecurity #InfoSec #Vulnerabilities
@YourAnon_irc
17 May 2026
76 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
New critical flaws: Exchange zero-day (CVE-2026-42897) actively exploited, Windows DNS Client RCE (CVE-2026-41096), & Cisco SD-WAN auth bypass (CVE-2026-20182). These threaten data privacy/integrity in transit. Patch NOW! #Cybersecurity #ZeroDay #News
@YourAnon_irc
15 May 2026
84 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
May 2026 Patch Tuesday: no zero-days for once. But CVE-2026-41089 (Netlogon, CVSS 9.8) = unauthenticated RCE on domain controllers. CVE-2026-41096 (DNS Client, CVSS 9.8) = every Windows machine. PoC code typically follows within days. Patch this week. #CyberSecurity https://t
@DIESEC_GmbH
15 May 2026
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft、定例パッチで危険な脆弱性を修正(CVE-2026-41089・CVE-2026-41096・CVE-2026-41103) - 合同会社ロケットボーイズ https://t.co/VosZIxjncz @GoogleNewsより
@CreatorRuru
14 May 2026
60 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft、定例パッチで危険な脆弱性を修正(CVE-2026-41089・CVE-2026-41096・CVE-2026-41103) https://t.co/if7T1McADS #セキュリティ対策Lab #security #securitynews
@securityLab_jp
14 May 2026
131 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2026-21510 2 - CVE-2026-46300 3 - CVE-2026-41096 4 - CVE-2026-0300 5 - CVE-2026-34263 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
14 May 2026
128 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Critical vulnerability in Windows DNS service leaks to unauthenticated RCE by exploiting heap based buffer overflow remotely. Marked as CVE-2026-41096. Advisory: https://t.co/JBJJOEiD9E. #cve #critical #vulnerability https://t.co/NX8HcJWMvb
@triunedigisec
14 May 2026
45 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2026-41096: ‼️🚨 Microsoft has patched a critical Windows DNS Client remote code execution vulnerability that allows an unauthorized attacker to execute code over a network. All it takes is a malicious DNS response. The vulnerability is tracked as CVE-2026-41096 with a
@lyrie_ai
14 May 2026
26 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
🚨 Alertes sécurité CVE-2026-41089 et CVE-2026-41096 sur Windows 🚨 Des failles Windows permettent l'exécution de code à distance via le réseau, impactant prioritairement les serveurs Active Directory. https://t.co/GXh3dBpG7E
@LoginSecurite
13 May 2026
43 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 Microsoft Patch Tuesday May 2026 fixes 138 vulnerabilities ⚠️ Critical flaws include: 🔥 CVE-2026-41096 🔥 CVE-2026-41089 Patch immediately — especially domain controllers & internet-facing systems. 🔗 https://t.co/CChfZZbxnK #CyberSecurity #PatchTuesday
@vulert_official
13 May 2026
42 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Windows Client (11) and Server (2022 &2025) OS have a 9.8 (Critical) Windows DNS Client Remote Code Execution vulnerability (CVE-2026-41096) that allows an unauthorized attacker to execute code over a network
@SirMwangala
13 May 2026
117 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
2026年5月ぱっちちゅーずでーまとめ ◆Microsoft https://t.co/32GkHwPEhg CVE-2026-42898 Microsoft Dynamics 365 オンプレミスのリモートでコードが実行される脆弱性 CVE-2026-42823 Azure Logic Apps の特権昇格の脆弱性 CVE-2026-41096 Windows
@taku888infinity
13 May 2026
898 Impressions
0 Retweets
2 Likes
1 Bookmark
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "D039A905-2FE4-4A10-85BF-175947E6A017",
"versionEndExcluding": "10.0.22631.7079",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "4904DDBD-B183-4AA2-ABD6-47BAF1A28861",
"versionEndExcluding": "10.0.22631.7079",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "048AD3CD-DD62-4B62-9302-61779D998B4A",
"versionEndExcluding": "10.0.26100.8390",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "3682F4DD-0870-4E39-B75E-649C89BB1E08",
"versionEndExcluding": "10.0.26100.8390",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "C2C93D38-DFD7-4DE1-95B8-6D73E4A545D6",
"versionEndExcluding": "10.0.26200.8390",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "05EB89A0-2ADD-4B67-A644-41FE1DE69E4A",
"versionEndExcluding": "10.0.26200.8390",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "D45A5D2F-E058-4033-B184-BAE224FC1CEA",
"versionEndExcluding": "10.0.28000.2113",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "5127F350-9271-4B74-84E0-D7E5D2D5640E",
"versionEndExcluding": "10.0.28000.2113",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E3F26150-16EA-4D34-8BE9-2EE7C745D707",
"versionEndExcluding": "10.0.25398.2330",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9ABAB3B9-28AF-4278-8E78-E1191B1AFC0C",
"versionEndExcluding": "10.0.26100.32772",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]