CCB urgent patch warning for CVE-2026-41089 on Windows servers
Public Sector Action
Summary
Hide ▲
Show ▼
Belgium's CCB warned that CVE-2026-41089 is being actively exploited in the wild, urging admins to immediately patch vulnerable Windows servers because the flaw can enable remote code execution on domain controllers. The advisory covers Windows Netlogon, a core authentication service used in Windows domain-based networks, and the issue affects all currently supported Windows Server versions, including Windows Server 2025. Microsoft had already fixed the bug in the May 2026 Patch Tuesday release.
Related Happenings
SharePoint Server unauthenticated privilege escalation flaw actively exploited (CVE-2026-56164)
Vulnerability
H score82
First: 14.07.2026 23:25
Last: 14.07.2026 23:25
Sources 1
About this happening:
CVE-2026-56164 is an actively exploited SharePoint Server vulnerability that lets an unauthenticated attacker escalate privileges over the network. The flaw puts *...
SharePoint Server unauthenticated privilege escalation flaw actively exploited (CVE-2026-56164)
VulnerabilityAbout this happening: CVE-2026-56164 is an actively exploited SharePoint Server vulnerability that lets an unauthenticated attacker escalate privileges over the network. The flaw puts *...
Latest development: 15.07.2026 12:20
Microsoft’s July 14 Patch Tuesday included CVE-2026-56164, an elevation-of-privilege flaw in Microsoft SharePoint Server that required no existing privileges and was described as low complexity. The zero-day was one of two vulnerabilities in the release that had been exploited in the wild, and Microsoft issued updates for affected systems.
Microsoft Copilot remote code execution flaw (CVE-2026-48561)
Vulnerability
H score33
First: 14.07.2026 22:22
Last: 14.07.2026 22:22
Sources 1
About this happening:
A CVE-2026-48561 remote code execution flaw in Microsoft Copilot can let an unauthorized attacker execute code over the network, creating remote takeover risk for affected...
Microsoft Copilot remote code execution flaw (CVE-2026-48561)
VulnerabilityAbout this happening: A CVE-2026-48561 remote code execution flaw in Microsoft Copilot can let an unauthorized attacker execute code over the network, creating remote takeover risk for affected...
NetScaler ADC/Gateway arbitrary file read security flaw (CVE-2026-10816)
Vulnerability
H score30
First: 01.07.2026 06:54
Last: 01.07.2026 06:54
Sources 1
About this happening:
Citrix's NetScaler ADC and NetScaler Gateway now have CVE-2026-10816, a 7.7 flaw that can expose files through unauthenticated arbitrary file read when managem...
NetScaler ADC/Gateway arbitrary file read security flaw (CVE-2026-10816)
VulnerabilityAbout this happening: Citrix's NetScaler ADC and NetScaler Gateway now have CVE-2026-10816, a 7.7 flaw that can expose files through unauthenticated arbitrary file read when managem...
Microsoft Malware Protection Engine race-condition elevation-of-privilege remote code execution flaw (CVE-2026-50656)
Vulnerability
H score32
First: 17.06.2026 11:32
Last: 17.06.2026 11:32
Sources 1
About this happening:
Microsoft has released a security update for CVE-2026-50656 after public disclosure of RoguePlanet, a privilege-escalation flaw in the Microsoft Malware Protecti...
Microsoft Malware Protection Engine race-condition elevation-of-privilege remote code execution flaw (CVE-2026-50656)
VulnerabilityAbout this happening: Microsoft has released a security update for CVE-2026-50656 after public disclosure of RoguePlanet, a privilege-escalation flaw in the Microsoft Malware Protecti...
Windows Collaborative Translation Framework CTFMON improper link resolution EoP security flaw (CVE-2026-45586)
Vulnerability
H score20
First: 09.06.2026 20:57
Last: 09.06.2026 20:57
Sources 1
About this happening:
Windows Collaborative Translation Framework (CTFMON) has a local privilege-escalation vulnerability, CVE-2026-45586, that Microsoft patched in June 2026. An author...
Windows Collaborative Translation Framework CTFMON improper link resolution EoP security flaw (CVE-2026-45586)
VulnerabilityAbout this happening: Windows Collaborative Translation Framework (CTFMON) has a local privilege-escalation vulnerability, CVE-2026-45586, that Microsoft patched in June 2026. An author...
Timeline
-
01.06.2026 15:30 2 articles · 1mo ago
CCB warns of active CVE-2026-41089 exploitation in Windows Netlogon
Industry Or Public Sector UpdateBelgium's Centre for Cybersecurity Belgium (CCB) warned that CVE-2026-41089 in Windows Netlogon is being actively exploited in the wild and urged administrators of vulnerable Windows Server systems to patch immediately. Microsoft says the May 2026 Patch Tuesday fix addresses a stack-based buffer overflow that can let an unauthenticated attacker gain remote code execution on targeted domain controllers, and the flaw affects all currently supported Windows Server versions, including Windows Server 2025.
Show sources
- Critical Windows Netlogon RCE flaw now exploited in attacks — www.bleepingcomputer.com — 01.06.2026 15:30
- Critical Windows Netlogon RCE flaw now exploited in attacks — www.bleepingcomputer.com — 01.06.2026 15:30