CVE

CVE-2026-41089

0field notes · 1digest CVSS 9.8

Daily digests

An unauthenticated attacker can exploit a stack-based buffer overflow in the Windows Netlogon service to run code remotely. CVSS 9.8 with no auth required. If you remember the Zerologon era, you know how critical Netlogon bugs are: domain controllers are the primary target here.

Patch Tuesday · May 13, 2026
Patch Tuesday May 2026: DNS + Netlogon at 9.8, 19 more

CVE-2026-41089

Patch Tuesday May 2026: DNS + Netlogon at 9.8, 19 more