Description
Stack-based buffer overflow in Windows Netlogon allows an unauthorized attacker to execute code over a network.
Published: 2026-05-12
Score: 9.8 Critical
EPSS: 43.8% Moderate
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A stack‑based buffer overflow exists in the Windows Netlogon service that allows an attacker who can transmit a specially crafted network payload to execute arbitrary code on the target server. The description does not specify the privilege level that the attacker would obtain, but the ability to run code remotely is a severe compromise risk that could potentially lead to further exploitation or data modification.

Affected Systems

The affected products are Microsoft Windows Server 2012, 2012 R2, 2016, 2019, 2022 (including the 23H2 edition), and 2025, including their Server Core installations, all on 64‑bit builds.

Risk and Exploitability

The CVSS base score of 9.8 indicates critical severity. The EPSS score of 44% suggests a high probability that this vulnerability is or will be actively exploited. It is currently not listed in the CISA KEV catalog. Because Netlogon operates over TCP 445, the likely attack vector is inferred to be a remote attacker who can reach the affected server on that port. Exploitation requires no local privileges and relies solely on network access to deliver the malformed request.

Generated by OpenCVE AI on June 18, 2026 at 13:06 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Microsoft security update for CVE‑2026‑41089 following the update guide instructions from the Microsoft Security Response Center.
  • Restrict inbound traffic to TCP 445 by configuring firewalls or network segmentation so only trusted hosts can communicate with Netlogon services.
  • If the Netlogon service is not required in a given environment, disable or limit its operation; consider enabling Device Guard or other virtualization‑based security features to add an additional protective layer.


Advisories

No advisories yet.

History

Fri, 15 May 2026 15:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Microsoft windows Server 2022 23h2
CPEs | | cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*; cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*; cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*
Vendors & Products | | Microsoft windows Server 2022 23h2

Wed, 13 May 2026 15:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 12 May 2026 22:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Microsoft windows Server 2012 (server Core Installation); Microsoft windows Server 2012 R2; Microsoft windows Server 2012 R2 (server Core Installation); Microsoft windows Server 2016 (server Core Installation); Microsoft windows Server 2019 (server Core Installation); Microsoft windows Server 2022, 23h2 Edition (server Core Installation); Microsoft windows Server 2025 (server Core Installation)
Vendors & Products | | Microsoft windows Server 2012 (server Core Installation); Microsoft windows Server 2012 R2; Microsoft windows Server 2012 R2 (server Core Installation); Microsoft windows Server 2016 (server Core Installation); Microsoft windows Server 2019 (server Core Installation); Microsoft windows Server 2022, 23h2 Edition (server Core Installation); Microsoft windows Server 2025 (server Core Installation)

Tue, 12 May 2026 17:30:00 +0000

Type | Values Removed | Values Added
Description | | Stack-based buffer overflow in Windows Netlogon allows an unauthorized attacker to execute code over a network.
Title | | Windows Netlogon Remote Code Execution Vulnerability
First Time appeared | | Microsoft; Microsoft windows Server 2012; Microsoft windows Server 2012 R2; Microsoft windows Server 2016; Microsoft windows Server 2019; Microsoft windows Server 2022; Microsoft windows Server 2025; Microsoft windows Server 23h2
Weaknesses | | CWE-121
CPEs | | cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*; cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*; cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*; cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*; cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*; cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*; cpe:2.3:o:microsoft:windows_server_23h2:*:*:*:*:*:*:*:*
Vendors & Products | | Microsoft; Microsoft windows Server 2012; Microsoft windows Server 2012 R2; Microsoft windows Server 2016; Microsoft windows Server 2019; Microsoft windows Server 2022; Microsoft windows Server 2025; Microsoft windows Server 23h2
References | |
Metrics | | cvssV3_1 {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C'}

MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-06-19T16:12:26.819Z

Reserved: 2026-04-16T19:12:36.194Z

Link: CVE-2026-41089

Vulnrichment

Updated: 2026-05-13T10:00:40.722Z

NVD

Status: Analyzed

Published: 2026-05-12T18:17:20.720

Modified: 2026-06-17T10:46:09.190

Link: CVE-2026-41089

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-18T13:15:15Z

Weaknesses
  • CWE-121: Stack-based Buffer Overflow