Security News

Cybersecurity news aggregator

CRITICAL Attacks Help Net Security

Windows Netlogon RCE exploited, domain controllers at risk (CVE-2026-41089)

The critical CVE-2026-41089 vulnerability (CVSS 9.8) is a stack-based buffer overflow in the Windows Netlogon service that allows remote code execution via a specially crafted network request and is now actively exploited. Affected versions include Windows Server 2016 prior to 10.0.14393.9140, Windows Server 2019 prior to 10.0.17763.8755, and Windows Server 2022 prior to 10.0.20348.5074. Patches are available and must be applied immediately to domain controllers and other affected Windows servers.

CVE-2026-41089, a critical Windows Netlogon flaw that allows remote code execution, is now actively exploited in the wild, the Centre for Cybersecurity Belgium (CCB) warned on Friday.

About CVE-2026-41089

CVE-2026-41089 is a stack-based buffer overflow vulnerability in Windows Netlogon, the service and protocol that handles authentication and security within a Windows domain environment. Attackers can exploit the flaw by sending a specially crafted network request to a Windows server that is acting …

The post Windows Netlogon RCE exploited, domain controllers at risk (CVE-2026-41089) appeared first on Help Net Security.
