Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

CVE-2026-41096: Microsoft Windows DNS Allows Unauthorized Code Execution

CVE-2026-41096

Summary

A security flaw in Microsoft Windows DNS could allow an attacker to run malicious code on a targeted system over the network. This could happen if an attacker sends a specially crafted request to the DNS server. To protect against this, update your Windows systems to the latest version of DNS.

Original title

Heap-based buffer overflow in Microsoft Windows DNS allows an unauthorized attacker to execute code over a network.

Original description

Heap-based buffer overflow in Microsoft Windows DNS allows an unauthorized attacker to execute code over a network.

nvd CVSS3.1 9.8

Vulnerability type

CWE-122 Heap-based Buffer Overflow

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41096

Published: 12 May 2026 · Updated: 28 May 2026 · First seen: 13 May 2026