Skip to main content

Active Directory Domain Services CVE-2026-45648

| EUVDEUVD-2026-35692 HIGH
Stack-based Buffer Overflow (CWE-121)
2026-06-09 secure@microsoft.com GHSA-gmq7-hvj8-4x66
8.8
CVSS 3.1 · NVD
Temporal: 7.7
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CIRCL (temporal)
7.7 HIGH
cvss

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
Patch available
Jun 09, 2026 - 19:03 EUVD
Analysis Generated
Jun 09, 2026 - 18:03 vuln.today
CVE Published
Jun 09, 2026 - 17:17 nvd
HIGH 8.8

DescriptionNVD

Stack-based buffer overflow in Active Directory Domain Services allows an authorized attacker to execute code over a network.

AnalysisAI

Remote code execution in Microsoft Active Directory Domain Services allows an authenticated network attacker to trigger a stack-based buffer overflow (CWE-121) and execute arbitrary code on the targeted domain controller. With CVSS 8.8 (AV:N/AC:L/PR:L/UI:N) and high impact across confidentiality, integrity, and availability, successful exploitation could enable full domain compromise. There is no public exploit identified at time of analysis and the issue is not currently listed in CISA KEV.

Technical ContextAI

Active Directory Domain Services (AD DS) is the core directory and authentication service in Windows Server environments, exposing protocols such as LDAP, Kerberos, and RPC/DCE over the network. The root cause is CWE-121 (Stack-based Buffer Overflow), in which user-controlled input is written past the bounds of a fixed-size stack buffer, typically corrupting saved return addresses, frame pointers, or adjacent locals. On a domain controller, code executed through such a flaw runs in a highly privileged context, making the surrounding protocol parser or RPC interface a particularly attractive target. Specific affected component, protocol surface, and exact build numbers were not disclosed in the provided data and must be confirmed via the Microsoft MSRC advisory.

RemediationAI

Patch status: Patch available per vendor advisory; the exact fix build numbers were not included in the provided data and should be obtained from the Microsoft Security Update Guide at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45648 and applied to all domain controllers and any servers running the AD DS role. Until patches are deployed, restrict network reachability of domain controllers to known administrative and member-server subnets via firewall/IPSec rules, tighten which accounts can authenticate to DCs (for example by limiting Authenticated Users where feasible and removing stale or unnecessary domain accounts), and monitor DC event logs and EDR telemetry for anomalous RPC, LDAP, or LSASS activity; note that aggressive network segmentation around DCs can disrupt legitimate replication, Group Policy, and authentication traffic if not scoped carefully.

Share

CVE-2026-45648 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy