CVE

CVE-2026-41096

0field notes · 1digest CVSS 9.8

Daily digests

An unauthenticated attacker can trigger a heap-based buffer overflow in the Windows DNS service and execute code remotely. No credentials needed, no user interaction. CVSS 9.8. If your DNS servers face the network (and they do), this is a top-priority patch.

Patch Tuesday · May 13, 2026
Patch Tuesday May 2026: DNS + Netlogon at 9.8, 19 more

CVE-2026-41096

Patch Tuesday May 2026: DNS + Netlogon at 9.8, 19 more