Windows Netlogon RCE Vulnerability (CVE-2026-41089)
Posted on June 3, 2026
Information Security Advisory
A recently discovered critical vulnerability (CVE-2026-41089) affects Microsoft Windows Server and may allow a remote, unauthenticated attacker to execute arbitrary code on affected systems by targeting the Netlogon service.

Severity level:
CVSS Score: 9.8/Critical

Description:
CVE-2026-41089 is a stack-based buffer overflow vulnerability in the Windows Netlogon service. The flaw is caused by improper handling of specially crafted network requests in the Netlogon RPC interface.

An attacker can exploit this vulnerability by sending a malicious request to a vulnerable domain controller, causing the service to overwrite memory on the stack. This can result in remote code execution with SYSTEM-level privileges, without requiring authentication or user interaction.

Affected Versions:
Microsoft Windows Server 2012 / 2012 R2
Microsoft Windows Server 2016
Microsoft Windows Server 2019
Microsoft Windows Server 2022 / 2022 23H2
Microsoft Windows Server 2025

Impact:
Successful exploitation may allow attackers to execute arbitrary code with system privileges.

Resolution:
Install Microsoft's May 2026 updates immediately. Prioritize domain controllers and identity infrastructure systems.

Reference: