Critical zero-click Netlogon vulnerability exploited to target domain controllers (opens in new tab)

A critical stack-based buffer overflow vulnerability in the Windows Netlogon service is currently being exploited in active cyberattacks. Identified as CVE-2026-41089, this flaw allows unauthenticated attackers to execute arbitrary code with SYSTEM-level privileges on targeted domain controllers. The exploit is particularly dangerous because it requires zero user interaction and can be triggered by sending a specially crafted network request. <a href="