{"@odata.context":"https://api.msrc.microsoft.com/sug/v2.0/sugodata/v2.0/en-US/$metadata#vulnerability/$entity","id":"00000000-0000-0000-0000-000040394454","releaseDate":"2026-05-12T07:00:00-07:00","cveNumber":"CVE-2026-41089","cveTitle":"Windows Netlogon Remote Code Execution Vulnerability","releaseNumber":"2026-May","vulnType":"Security Vulnerability","latestRevisionDate":"2026-05-12T07:00:00-07:00","description":"<p>Stack-based buffer overflow in Windows Netlogon allows an unauthorized attacker to execute code over a network.</p>\n","cweList":["CWE-121: Stack-based Buffer Overflow"],"cweDetailsListForSearch":["cwe: CWE-121: Stack-based Buffer Overflow","cweUrl: https://cwe.mitre.org/data/definitions/121.html"],"unformattedDescription":"Stack-based buffer overflow in Windows Netlogon allows an unauthorized attacker to execute code over a network.","mitreText":"CVE-2026-41089","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-41089","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Windows Netlogon","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000000,"severity":"Critical","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"9.8","temporalScore":"8.5","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-121: Stack-based Buffer Overflow","https://cwe.mitre.org/data/definitions/121.html"]}],"articles":[{"title":"Windows Netlogon Remote Code Execution Vulnerability","articleType":"100000000","description":"<p>Stack-based buffer overflow in Windows Netlogon allows an unauthorized attacker to execute code over a network.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>How could an attacker exploit this vulnerability?</strong></p>\n<p>An attacker could send a specially crafted network request to a Windows server that is acting as a domain controller. If successful, this could cause the Netlogon service to improperly handle the request, potentially allowing the attacker to run code on the affected system without needing to sign in or have prior access.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-41089","version":1,"revisionDate":"2026-05-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"8b695750-f03f-f111-939a-000d3ac5fb71"}]}