Back to overview

CVE-2026-41089

CRITICAL
9.8
CVSS 3.1

Metadata

CVE ID
CVE-2026-41089
State
PUBLISHED
Assigner
microsoft
Reserved
2026-04-16 19:12 UTC
Published
2026-05-12 16:58 UTC
Last updated
2026-06-09 19:32 UTC
Primary CWE
CWE-121
CWE-121: Stack-based Buffer Overflow
Vendor / Product
Microsoft / Windows Server 2012
Sources
cve.org  ·  NVD

Severity & Metrics

9.8 CRITICAL CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
SSVC — CISA Coordinator
Exploitation
none
Automatable
yes
Tech. Impact
total
Affected products (12)
VendorProductPlatformVersions
Microsoft Windows Server 2012 x64-based Systems 6.2.9200.0 < 6.2.9200.26079
Microsoft Windows Server 2012 (Server Core installation) x64-based Systems 6.2.9200.0 < 6.2.9200.26079
Microsoft Windows Server 2012 R2 x64-based Systems 6.3.9600.0 < 6.3.9600.23181
Microsoft Windows Server 2012 R2 (Server Core installation) x64-based Systems 6.3.9600.0 < 6.3.9600.23181
Microsoft Windows Server 2016 x64-based Systems 10.0.14393.0 < 10.0.14393.9140
Microsoft Windows Server 2016 (Server Core installation) x64-based Systems 10.0.14393.0 < 10.0.14393.9140
Microsoft Windows Server 2019 x64-based Systems 10.0.17763.0 < 10.0.17763.8755
Microsoft Windows Server 2019 (Server Core installation) x64-based Systems 10.0.17763.0 < 10.0.17763.8755
Microsoft Windows Server 2022 x64-based Systems 10.0.20348.0 < 10.0.20348.5139
Microsoft Windows Server 2022, 23H2 Edition (Server Core installation) x64-based Systems 10.0.25398.0 < 10.0.25398.2330
Microsoft Windows Server 2025 x64-based Systems 10.0.26100.0 < 10.0.26100.32860
Microsoft Windows Server 2025 (Server Core installation) x64-based Systems 10.0.26100.0 < 10.0.26100.32860
Weakness (CWE)
CWESourceDescription
CWE-121 cna CWE-121: Stack-based Buffer Overflow
CVSS scores (1)
ScoreSeverityVersionSourceVector
9.8 CRITICAL 3.1 cna CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
References (1)
Back to overview