Cyber Resilience

CVE-2026-41089

Critical

Published: 12 May 2026

Published
12 May 2026
Modified
15 May 2026
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.7225 99.4th percentile
Risk Priority 80 floored blend · peak EPSS

Summary

CVE-2026-41089 is a critical-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Microsoft Windows Server 2012. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation of Remote Services (T1210); ranked in the top 0.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

Stack-based buffer overflow in Windows Netlogon allows an unauthorized attacker to execute code over a network.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1210 Exploitation of Remote Services Lateral Movement
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.
Why these techniques?

Remote stack-based buffer overflow enabling arbitrary code execution over the network in the Netlogon service directly maps to exploitation of remote services.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-49688Same product: Microsoft Windows Server 2012
CVE-2025-24045Same product: Microsoft Windows Server 2012
CVE-2026-25172Same product: Microsoft Windows Server 2012
CVE-2025-49657Same product: Microsoft Windows Server 2012
CVE-2026-0386Same product: Microsoft Windows Server 2012
CVE-2025-49757Same product: Microsoft Windows Server 2012
CVE-2025-49676Same product: Microsoft Windows Server 2012
CVE-2025-21297Same product: Microsoft Windows Server 2012
CVE-2025-21309Same product: Microsoft Windows Server 2012
CVE-2025-49735Same product: Microsoft Windows Server 2012

Affected Assets

microsoft
windows server 2012
all versions, r2
microsoft
windows server 2016
≤ 10.0.14393.9140
microsoft
windows server 2019
≤ 10.0.17763.8755
microsoft
windows server 2022
≤ 10.0.20348.5074
microsoft
windows server 2022 23h2
≤ 10.0.25398.2330
microsoft
windows server 2025
≤ 10.0.26100.32772

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References