Description
Stack-based buffer overflow in Windows Netlogon allows an unauthorized attacker to execute code over a network.
Published: 2026-05-12
Score: 9.8 Critical
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw is a stack-based buffer overflow in the Windows Netlogon service, classified as CWE-121. An attacker who can send a specially crafted network request can overflow a buffer and execute arbitrary code with the privileges of the Netlogon service. This leads to a full compromise of the affected Windows Server: the attacker can potentially access confidential data, modify or delete files, and disrupt service availability.

Affected Systems

The vulnerable products are Microsoft Windows Server 2012, 2012 R2, 2016, 2019, 2022, 2025, and the 23H2 edition, in both full and Server Core installations. All 64‑bit builds are affected.

Risk and Exploitability

The CVSS base score is 9.8, indicating critical severity. EPSS data is unavailable, and the vulnerability is not yet listed in the CISA KEV catalog. Because Netlogon operates over the network, the likely attack vector is a remote network attacker that can reach the affected servers on the Netlogon port (commonly 445). Exploitation requires the attacker to be able to send the malformed request to the server; no local privileges are required. The high severity score and remote reachability mean that this vulnerability poses an immediate and significant risk to any unpatched Windows Server environment.

Generated by OpenCVE AI on May 12, 2026 at 20:06 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Microsoft security update for CVE-2026-41089 from the Microsoft Security Response Center, following the instructions in the update guide.
  • Configure firewalls or network segmentation to restrict inbound traffic to the Netlogon service (port 445) to trusted hosts only.
  • Consider disabling or limiting Netlogon traffic over untrusted networks, and enable Device Guard or virtualization-based security where appropriate to add an extra layer of protection.



Advisories

No advisories yet.

History

Tue, 12 May 2026 22:15:00 +0000

Type: First Time appeared
Values Removed: (none)
Values Added:
  • Microsoft windows Server 2012 (server Core Installation)
  • Microsoft windows Server 2012 R2
  • Microsoft windows Server 2012 R2 (server Core Installation)
  • Microsoft windows Server 2016 (server Core Installation)
  • Microsoft windows Server 2019 (server Core Installation)
  • Microsoft windows Server 2022, 23h2 Edition (server Core Installation)
  • Microsoft windows Server 2025 (server Core Installation)

Type: Vendors & Products
Values Removed: (none)
Values Added:
  • Microsoft windows Server 2012 (server Core Installation)
  • Microsoft windows Server 2012 R2
  • Microsoft windows Server 2012 R2 (server Core Installation)
  • Microsoft windows Server 2016 (server Core Installation)
  • Microsoft windows Server 2019 (server Core Installation)
  • Microsoft windows Server 2022, 23h2 Edition (server Core Installation)
  • Microsoft windows Server 2025 (server Core Installation)

Tue, 12 May 2026 17:30:00 +0000

Type: Description
Values Removed: (none)
Values Added: Stack-based buffer overflow in Windows Netlogon allows an unauthorized attacker to execute code over a network.

Type: Title
Values Removed: (none)
Values Added: Windows Netlogon Remote Code Execution Vulnerability

Type: First Time appeared
Values Removed: (none)
Values Added:
  • Microsoft
  • Microsoft windows Server 2012
  • Microsoft windows Server 2012 R2
  • Microsoft windows Server 2016
  • Microsoft windows Server 2019
  • Microsoft windows Server 2022
  • Microsoft windows Server 2025
  • Microsoft windows Server 23h2

Type: Weaknesses
Values Removed: (none)
Values Added: CWE-121

Type: CPEs
Values Removed: (none)
Values Added:
  • cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*
  • cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*
  • cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_23h2:*:*:*:*:*:*:*:*

Type: Vendors & Products
Values Removed: (none)
Values Added:
  • Microsoft
  • Microsoft windows Server 2012
  • Microsoft windows Server 2012 R2
  • Microsoft windows Server 2016
  • Microsoft windows Server 2019
  • Microsoft windows Server 2022
  • Microsoft windows Server 2025
  • Microsoft windows Server 23h2

Type: References

Type: Metrics
Values Removed: (none)
Values Added: cvssV3_1 {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C'}


MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-05-13T03:56:36.630Z

Reserved: 2026-04-16T19:12:36.194Z

Link: CVE-2026-41089

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-05-12T18:17:20.720

Modified: 2026-05-12T18:17:20.720

Link: CVE-2026-41089

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-12T22:00:18Z

Weaknesses