VDB
msrc_CVE-2026-41089
msrc_CVE-2026-41089
PUBLISHED
CVSS 9.800000190734863 CRITICAL
Risk Scores
CVSS 3.1
9.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Windows Server 2022 10.0.20348.5139 | ||
| Windows Server 2022 <10.0.20348.5139 | ||
| Windows Server 2019 <10.0.17763.8755 | ||
| Windows Server 2025 10.0.26100.32860 | ||
| Windows Server 2022 (Server Core installation) 10.0.20348.5139 | ||
| Windows Server 2022, 23H2 Edition (Server Core installation) 10.0.25398.2330 | ||
| Windows Server 2016 <10.0.14393.9140 | ||
| Windows Server 2025 (Server Core installation) 10.0.26100.32860 | ||
| Windows Server 2022, 23H2 Edition (Server Core installation) <10.0.25398.2330 | ||
| Windows Server 2016 (Server Core installation) 10.0.14393.9140 | ||
| Windows Server 2012 <6.2.9200.26079 | ||
| Windows Server 2019 10.0.17763.8755 | ||
| Windows Server 2022 (Server Core installation) <10.0.20348.5139 | ||
| Windows Server 2025 (Server Core installation) <10.0.26100.32860 | ||
| Windows Server 2025 <10.0.26100.32860 | ||
| Windows Server 2019 (Server Core installation) 10.0.17763.8755 | ||
| Windows Server 2016 (Server Core installation) <10.0.14393.9140 | ||
| Windows Server 2016 10.0.14393.9140 | ||
| Windows Server 2019 (Server Core installation) <10.0.17763.8755 | ||
| Windows Server 2012 6.2.9200.26079 |
Exploit Intelligence
- jenniferreire26/CVE-2026-41089 (github-poc-repo)
- CVE-2026-41089 PoC — Netlogon CLDAP stack buffer overflow (CVSS 9.8 CRITICAL) (github-poc-repo)
- CVE-2026-41089 PoC — Netlogon CLDAP stack buffer overflow (CVSS 9.8 CRITICAL) (github-poc-repo)
- CVE-2026-41089 PoC — Netlogon CLDAP stack buffer overflow (CVSS 9.8 CRITICAL) (github-poc)
- CVE-2026-41089 PoC — Netlogon CLDAP stack buffer overflow (CVSS 9.8 CRITICAL) (github-poc)
- jenniferreire26/CVE-2026-41089 (github-poc)
- 这是一个用于防御巡检的 CVE-2026-41089 检测脚本。该漏洞是 Microsoft 在 2026 年 5 月安全更新中披露的 Windows Netlogon 远程代码执行漏洞。 (github-poc-repo)
- CVE-2026-41089 PoC — Netlogon CLDAP stack buffer overflow (CVSS 9.8 CRITICAL) (github-poc-repo)
- CVE-2026-41089 PoC — Netlogon CLDAP stack buffer overflow (CVSS 9.8 CRITICAL) (github-poc-repo)
- CVE-2026-41089 PoC — Netlogon CLDAP stack buffer overflow (CVSS 9.8 CRITICAL) (github-poc-repo)
…and 59 more exploits
Timeline
- May 12, 2026 CVE Published
- May 13, 2026 Security Advisory
- May 13, 2026 Security Advisory
References
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41089 advisory
- https://msrc.microsoft.com/csaf/advisories/2026/msrc_cve-2026-41089.json advisory
- https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1 url
- https://support.microsoft.com/lifecycle url
- https://www.first.org/cvss url
- https://support.microsoft.com/help/5087538 fix
- https://support.microsoft.com/help/5087545 fix
- https://support.microsoft.com/help/5087424 fix
- https://support.microsoft.com/help/5087539 fix
- https://support.microsoft.com/help/5087423 fix
- https://support.microsoft.com/help/5087541 fix
- https://support.microsoft.com/help/5087537 fix
- https://support.microsoft.com/help/5087470 fix
- https://support.microsoft.com/help/5087471 fix