Zero Day MonitorZDM

← Back to list

9.8

CVE-2026-41089EXPLOITEDPATCHED

microsoft · windows

Windows Netlogon Remote Code Execution Vulnerability

Description

Stack-based buffer overflow in Windows Netlogon allows an unauthorized attacker to execute code over a network.

Affected Products

Vendor	Product	Versions
microsoft	windows	6.2.9200.0, 6.2.9200.0, 6.3.9600.0, 6.3.9600.0, 10.0.14393.0, 10.0.14393.0, 10.0.17763.0, 10.0.17763.0, 10.0.20348.0, 10.0.25398.0, 10.0.26100.0, 10.0.26100.0

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor	Product	Source	Confidence
microsoft	windows server 2016 (server core installation)	mitre_affected	90%
microsoft	windows server 2022, 23h2 edition (server core installation)	mitre_affected	90%
microsoft	windows server 2012 r2	mitre_affected	90%
microsoft	windows	mitre_affected	90%
microsoft	windows server 2012 r2 (server core installation)	mitre_affected	90%

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41089(vendor-advisory, patch)

Related News (8 articles)

Tier B

BSI Advisories1h ago

[NEU] [hoch] Microsoft Windows Produkte: Mehrere Schwachstellen

→ No new info (linked only)

Tier D

Infosecurity Magazine1h ago

Microsoft Fixes 17 Critical Flaws in May Patch Tuesday

→ No new info (linked only)

Tier C

Rapid7 Blog9h ago

Patch Tuesday - May 2026

→ No new info (linked only)

Tier C

Krebs on Security12h ago

Patch Tuesday, May 2026 Edition

→ No new info (linked only)

Tier C

Qualys Blog14h ago

Microsoft and Adobe Patch Tuesday, May 2026 Security Update Review

→ No new info (linked only)

Tier C

VulDB16h ago

CVE-2026-41089 | Microsoft Windows Server 2012 up to Server 2022 23H2 Netlogon stack-based overflow

→ No new info (linked only)

Tier A

Microsoft MSRC20h ago

CVE-2026-41089 Windows Netlogon Remote Code Execution Vulnerability

→ No new info (linked only)

Tier C

CrowdStrike Blog1d ago

May 2026 Patch Tuesday: 30 Critical Vulnerabilities Among 130 CVEs

→ No new info (linked only)

CVSS 3.19.8 CRITICAL

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CISA KEV❌ No

Actively exploited✅ Yes

Patch available

6.2.9200.260796.3.9600.2318110.0.14393.914010.0.17763.875510.0.20348.513910.0.25398.233010.0.26100.32860

CWECWE-121

PublishedMay 12, 2026

Last enriched1h agov4

Tags

RCENetlogonCVE-2026-41089

Trending Score98

Source articles8

Independent8

Info Completeness10/14

Missing: epss, kev, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

CRITICALCVE-2026-41096EXP

Windows DNS Client Remote Code Execution Vulnerability

CRITICALCVE-2026-41103EXP

Microsoft SSO Plugin for Jira & Confluence Elevation of Privilege Vulnerability

HIGHCVE-2026-42831EXP

Microsoft Office Remote Code Execution Vulnerability

CRITICALCVE-2026-33844EXP

Azure Managed Instance for Apache Cassandra Remote Code Execution Vulnerability

CRITICALCVE-2026-42898EXP

Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability

Pin to Dashboard

Verification

State: verified

Confidence: 0%

Vulnerability Timeline

CVE Published

May 12, 2026

Discovered by ZDM

May 12, 2026

Updated: description, exploitAvailable, activelyExploited

May 12, 2026

Updated: tags

May 13, 2026

Actively Exploited

May 13, 2026

Exploit Available

May 13, 2026

Patch Available

May 13, 2026

Updated: tags

May 13, 2026

Version History

v4

Last enriched 1h ago

v4Tier D1h ago

Updated description with more technical detail and added new tag for CVE-2026-41089.

tags

via Infosecurity Magazine

v3Tier C7h ago

Updated description with more technical details and added new tags related to the vulnerability.

tags

via Rapid7 Blog

v2Tier A16h ago

Added a detailed description of the vulnerability and updated exploit availability status to true.

descriptionexploitAvailableactivelyExploited

via Microsoft MSRC

v116h ago

Initial creation