CVE-2026-41089
Published: 12 May 2026
Summary
CVE-2026-41089 is a critical-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Microsoft Windows Server 2012. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation of Remote Services (T1210). The CVE is ranked in the top 0.6% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-29681
Vulnerability details
Stack-based buffer overflow in Windows Netlogon allows an unauthorized attacker to execute code over a network.
- CWE(s): CWE-121
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Remote stack-based buffer overflow enabling arbitrary code execution over the network in the Netlogon service directly maps to exploitation of remote services.
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.