Description
Stack-based buffer overflow in Active Directory Domain Services allows an authorized attacker to execute code over a network.
Published: 2026-06-09
Score: 8.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A buffer overflow via a stack‑based flaw in Active Directory Domain Services allows an attacker with sufficient privilege on the network to run arbitrary code on the domain controller. The vulnerability is exploitable only by accounts that already have legitimate administrative authority, which means that it can be used by a compromised or legitimately authorized user to gain further control or pivot to other resources. The potential damage is systemic, giving the attacker the same privileges as the exploited account and compromising confidentiality, integrity, and availability for the entire domain.

Affected Systems

Microsoft Windows Server 2022, Windows Server 2025, and Windows Server 2025 Server Core installations are affected. Any AD DS instance running under these operating systems is vulnerable, regardless of the specific domain configuration or role set.

Risk and Exploitability

The CVSS score of 8.8 highlights high severity; however, EPSS data is not provided, so the exact likelihood of exploitation cannot be quantified. The vulnerability is not listed in CISA’s KEV catalog, but the fact that an authorized attacker can trigger the flaw increases the real‑world risk for environments lacking strict privilege segregation and external network segmentation.

Generated by OpenCVE AI on June 9, 2026 at 21:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Microsoft security update for CVE‑2026‑45648 as published on the MSRC update guide.
  • Restrict administrative privileges on domain controllers so that only trusted accounts can perform high‑privilege operations.
  • Configure firewall or network segmentation to limit inbound traffic to Active Directory Domain Services ports to trusted sources only.
  • Enable centralized logging and monitoring for authentication and replication events to detect suspicious activity early.

Generated by OpenCVE AI on June 9, 2026 at 21:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 09 Jun 2026 22:30:00 +0000

Type Values Removed Values Added
First Time appeared Microsoft windows Server 2025 (server Core Installation)
Vendors & Products Microsoft windows Server 2025 (server Core Installation)

Tue, 09 Jun 2026 20:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 09 Jun 2026 17:15:00 +0000

Type Values Removed Values Added
Description Stack-based buffer overflow in Active Directory Domain Services allows an authorized attacker to execute code over a network.
Title Windows Active Directory Domain Services Remote Code Execution Vulnerability
First Time appeared Microsoft
Microsoft windows Server 2022
Microsoft windows Server 2025
Weaknesses CWE-121
CPEs cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*
Vendors & Products Microsoft
Microsoft windows Server 2022
Microsoft windows Server 2025
References
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C'}

Subscriptions

Microsoft Windows Server 2022 Windows Server 2025 Windows Server 2025 (server Core Installation)
cve-icon MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-06-09T21:50:09.600Z

Reserved: 2026-05-12T20:33:35.157Z

Link: CVE-2026-45648

cve-icon Vulnrichment

Updated: 2026-06-09T19:21:56.822Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-06-09T17:17:31.920

Modified: 2026-06-09T19:32:51.440

Link: CVE-2026-45648

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-09T22:15:14Z

Weaknesses