Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

Windows DNS heap-based buffer overflow remote code execution flaw (CVE-2026-41096)

Vulnerability
First reported
Last updated
Happening score
H score 25
1 unique sources, 1 articles

Summary

Hide ▲

Microsoft patched CVE-2026-41096, a heap-based buffer overflow in Windows DNS that could let an unauthorized attacker execute code remotely on vulnerable Windows systems. The flaw carries a CVSS score of 9.8 and affects a widely deployed network service, making the patch important for exposed environments. Microsoft said the issue was fixed in its May 13, 2026 update cycle.

Related Happenings

Microsoft Windows Server 2016 domain controller discovery failure after KB5087537

Service Disruption
First: 26.05.2026 10:41 Last: 26.05.2026 10:41 Sources 1

About this happening: Microsoft confirmed a **known issue** in **Windows Server 2016** after **KB5087537** that can prevent **domain controller discovery**, disrupting administrative operations and app...

Open Happening

Microsoft Edge stops loading saved passwords into cleartext memory at startup

Security Tool/Service
First: 15.05.2026 17:49 Last: 15.05.2026 17:49 Sources 1

About this happening: **Microsoft Edge** is changing its built-in password manager so **saved passwords** are no longer loaded into **process memory in clear text** at startup, reducing the risk of loc...

Open Happening

Microsoft Windows Autopatch fix for EU restricted driver update deployment bug

Security Tool/Service
First: 13.05.2026 17:36 Last: 13.05.2026 17:36 Sources 1

About this happening: **Microsoft** fixed a **Windows Autopatch** service bug that let **restricted driver updates** reach some managed devices in the **EU**, bypassing admin approval controls and crea...

Open Happening

Microsoft MDASH enters limited private preview for AI-driven vulnerability discovery at scale

Security Tool/Service
First: 13.05.2026 16:46 Last: 13.05.2026 16:46 Sources 1

About this happening: Microsoft's **MDASH** has entered **limited private preview**, adding a new **AI-driven vulnerability discovery** service that can validate and prove exploitable defects at scale....

Open Happening

Windows Netlogon stack-based buffer overflow security flaw (CVE-2026-41089)

Vulnerability
First: 13.05.2026 11:15 Last: 13.05.2026 11:15 Sources 1

About this happening: Microsoft’s **May Patch Tuesday** fixed **CVE-2026-41089**, a **critical** stack-based buffer overflow in **Windows Netlogon** that could let attackers gain **system privileges**...

Open Happening

Timeline

  1. 13.05.2026 13:36 2 articles · 14d ago

    Microsoft discloses and patches CVE-2026-41096 in Windows DNS

    Initial Disclosure

    Microsoft's May 13, 2026 Patch Tuesday release fixed CVE-2026-41096, a CVSS 9.8 heap-based buffer overflow in Windows DNS that could let an unauthorized attacker execute code over a network by sending a specially crafted DNS response to a vulnerable Windows system.

    Show sources
    Open in new tab