Mitm

vulnerability 2026-05-14
Every Windows Endpoint is a Target: CVE-2026-41096 Heap Overflow in DNS Client Enables Remote Code Execution
CVE-2026-41096 is a CVSS 9.8 heap overflow in the Windows DNS Client. A single malicious DNS response can yield code execution on any Windows host — no auth, no user click, no document opened. The blast radius is every Windows endpoint that resolves a name.
windows dns rce patch-tuesday heap-overflow mitm endpoint-security cvss-9.8

Every Windows Endpoint is a Target: CVE-2026-41096 Heap Overflow in DNS Client Enables Remote Code Execution