Threat actors are exploiting a critical-severity Windows Netlogon vulnerability for remote code execution, Centre for Cybersecurity Belgium (CCB) warns.
Tracked as CVE-2026-41089 (CVSS score of 9.8), the security defect was publicly disclosed on May 12, when Microsoft patched it along with 136 other bugs as part of its Patch Tuesday security updates.
According to Redmond’s advisory, the flaw is a stack-based buffer overflow issue that could be exploited via crafted network requests.
Unauthenticated attackers can exploit the security weakness by targeting a Windows server acting as a domain controller, Microsoft’s advisory revealed.
“If successful, this could cause the Netlogon service to improperly handle the request, potentially allowing the attacker to run code on the affected system without needing to sign in or have prior access,” the advisory reads.
