VDB

CVE-2026-41089

CVE-2026-41089 PUBLISHED CVSS 8.600000381469727 HIGH

Microsoft has released multiple patches for vulnerabilities covering a range of their products. These monthly releases are called “Patch Tuesday” and contain security fixes for Microsoft devices and software. The CCB would like to point your attention to following vulnerabilities: CVE-2026-41089: Windows Netlogon Critical Remote Code Execution Vulnerability. To exploit this CVE, an attacker must send a specially crafted network request to a Windows server that is acting as a domain controller. If successful, this could cause the Netlogon service to improperly handle the request, potentially allowing the attacker to run code on the affected system with SYSTEM privileges. Exploitation does not require any prior privileges or user interaction and can be executed remotely. Patches are available for all versions of Windows Server from 2012 onwards. CVE-2026-41096: Windows DNS Client Critical Remote Code Execution Vulnerability. An attacker could exploit this vulnerability by sending a specially crafted DNS response to a vulnerable Windows system, causing the DNS Client to incorrectly process the response and corrupt memory. In certain configurations, this could allow the attacker to run code remotely on the affected system without authentication. CVE-2026-41103: Microsoft SSO Plugin for Jira & Confluence (More likely to be exploited) Critical Elevation of Privilege Vulnerability. Exploitation is possible by sending a specially crafted SSO response during the login process that tricks the system into accepting a forged identity, allowing the attacker to sign in without authenticating the user through Microsoft Entra ID. This may allow the attacker to view or modify content and perform actions with the same permissions as the compromised account, based on the authorization levels defined for that user within the Jira or Confluence server.

EPSS 0.10% · 26.5th percentile

Risk Scores

CVSS 4.0
8.600000381469727
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS Score
0.10%
26.5th percentile

Timeline

  • May 12, 2026 CVE Published
  • May 12, 2026 PoC Published
  • May 12, 2026 PoC Published
  • May 12, 2026 PoC Published
  • May 12, 2026 PoC Published
  • May 12, 2026 PoC Published
  • May 12, 2026 PoC Published
  • May 13, 2026 PoC Published
  • May 13, 2026 PoC Published
  • May 13, 2026 PoC Published
  • May 13, 2026 Security Advisory
  • May 13, 2026 Security Advisory
Open in Interactive Console →
$ Console Community · 100/wk Open console ›