Zero Day MonitorZDM

← Back to list

9.8

CVE-2026-41096EXPLOITEDPATCHED

microsoft · windows dns

Windows DNS Client Remote Code Execution Vulnerability

Description

Heap-based buffer overflow in Microsoft Windows DNS allows an unauthorized attacker to execute code over a network.

Affected Products

Vendor	Product	Versions
microsoft	windows dns	10.0.22631.0, 10.0.22631.0, 10.0.26100.0, 10.0.26200.0, 10.0.28000.0, 10.0.25398.0, 10.0.26100.0, 10.0.26100.0, Windows 11, Windows Server

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor	Product	Source	Confidence
microsoft	windows server 2022, 23h2 edition (server core installation)	mitre_affected	90%
microsoft	windows server 2025 (server core installation)	mitre_affected	90%
microsoft	windows 11 version 23h2	mitre_affected	90%
microsoft	windows 11 version 24h2	mitre_affected	90%
microsoft	windows	mitre_affected	90%

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41096(vendor-advisory, patch)

Related News (7 articles)

Tier B

BSI Advisories1h ago

[NEU] [hoch] Microsoft Windows Produkte: Mehrere Schwachstellen

→ No new info (linked only)

Tier D

Heise Security4h ago

Patchday Microsoft: Kritische DNS-Client-Lücke bedroht Windows

→ No new info (linked only)

Tier C

Cisco Talos14h ago

Microsoft Patch Tuesday for May 2026 — Snort rules and prominent vulnerabilities

→ No new info (linked only)

Tier C

Qualys Blog14h ago

Microsoft and Adobe Patch Tuesday, May 2026 Security Update Review

→ No new info (linked only)

Tier C

VulDB16h ago

CVE-2026-41096 | Microsoft Windows up to Server 2025 DNS Client heap-based overflow

→ No new info (linked only)

Tier A

Microsoft MSRC20h ago

CVE-2026-41096 Windows DNS Client Remote Code Execution Vulnerability

→ No new info (linked only)

Tier C

CrowdStrike Blog1d ago

May 2026 Patch Tuesday: 30 Critical Vulnerabilities Among 130 CVEs

→ No new info (linked only)

CVSS 3.19.8 CRITICAL

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CISA KEV❌ No

Actively exploited✅ Yes

Patch available

10.0.22631.707910.0.26100.845710.0.26200.845710.0.28000.211310.0.25398.233010.0.26100.32860

CWECWE-122

PublishedMay 12, 2026

Last enriched4h agov3

Tags

CVE-2026-41096

Trending Score95

Source articles7

Independent7

Info Completeness10/14

Missing: epss, kev, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

CRITICALCVE-2026-41089EXP

Windows Netlogon Remote Code Execution Vulnerability

CRITICALCVE-2026-41103EXP

Microsoft SSO Plugin for Jira & Confluence Elevation of Privilege Vulnerability

HIGHCVE-2026-42831EXP

Microsoft Office Remote Code Execution Vulnerability

CRITICALCVE-2026-33844EXP

Azure Managed Instance for Apache Cassandra Remote Code Execution Vulnerability

CRITICALCVE-2026-42898EXP

Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability

Pin to Dashboard

Verification

State: verified

Confidence: 0%

Vulnerability Timeline

CVE Published

May 12, 2026

Discovered by ZDM

May 12, 2026

Updated: description, exploitAvailable, activelyExploited

May 12, 2026

Actively Exploited

May 13, 2026

Exploit Available

May 13, 2026

Patch Available

May 13, 2026

Updated: affectedVersions, tags

May 13, 2026

Version History

v3

Last enriched 4h ago

v3Tier D4h ago

Added affected versions for Windows 11 and Windows Server, and included new CVE ID CVE-2026-41096.

affectedVersionstags

via Heise Security

v2Tier A16h ago

Added a detailed description of the vulnerability and marked it as actively exploited with an exploit available.

descriptionexploitAvailableactivelyExploited

via Microsoft MSRC

v116h ago

Initial creation