Heap-based buffer overflow in Microsoft Windows DNS allows an unauthorized attacker to execute code over a network.
| Vendor | Product | Versions |
|---|---|---|
| microsoft | windows dns | 10.0.22631.0, 10.0.22631.0, 10.0.26100.0, 10.0.26200.0, 10.0.28000.0, 10.0.25398.0, 10.0.26100.0, 10.0.26100.0, Windows 11, Windows Server |
Downstream vendors/products affected by this vulnerability
| Vendor | Product | Source | Confidence |
|---|---|---|---|
| microsoft | windows server 2022, 23h2 edition (server core installation) | mitre_affected | 90% |
| microsoft | windows server 2025 (server core installation) | mitre_affected | 90% |
| microsoft | windows 11 version 23h2 | mitre_affected | 90% |
| microsoft | windows 11 version 24h2 | mitre_affected | 90% |
| microsoft | windows | mitre_affected | 90% |
Added affected versions for Windows 11 and Windows Server, and included new CVE ID CVE-2026-41096.
Added a detailed description of the vulnerability and marked it as actively exploited with an exploit available.
Initial creation
