Skip to main content

Windows Kerberos CVE-2026-47288

| EUVDEUVD-2026-35699 HIGH
Integer Overflow or Wraparound (CWE-190)
2026-06-09 secure@microsoft.com GHSA-f3mm-ch2c-m27j
7.1
CVSS 3.1 · NVD
Temporal: 6.2
Share

Severity by source

NVD PRIMARY
7.1 HIGH
AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CIRCL (temporal)
6.2 MEDIUM
cvss

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Adjacent
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
Patch available
Jun 09, 2026 - 19:03 EUVD
Analysis Generated
Jun 09, 2026 - 17:58 vuln.today
CVE Published
Jun 09, 2026 - 17:17 nvd
HIGH 7.1

DescriptionNVD

Integer overflow or wraparound in Windows Kerberos allows an authorized attacker to execute code over an adjacent network.

AnalysisAI

Remote code execution in Microsoft Windows Kerberos implementation allows an authenticated attacker on an adjacent network segment to trigger an integer overflow and execute arbitrary code. The flaw is rated CVSS 7.1 (High) with high attack complexity and requires low-level privileges, and at the time of analysis there is no public exploit identified. Because Kerberos is a core authentication service in Windows domain environments, successful exploitation has direct implications for domain trust and identity security.

Technical ContextAI

The vulnerability lies in Microsoft's Windows Kerberos authentication subsystem, which implements the Kerberos v5 protocol (RFC 4120) for ticket-based authentication across Active Directory environments. The root cause is CWE-190 (Integer Overflow or Wraparound), in which arithmetic operations on attacker-influenced size or length fields wrap past their numeric bounds, producing an undersized buffer allocation or an out-of-bounds index that subsequent code treats as valid. Tagging as both Integer Overflow and Buffer Overflow suggests the wraparound ultimately feeds a memory copy or parsing routine inside Kerberos message handling (likely AS-REQ/TGS-REQ or related PA-DATA structures), corrupting adjacent memory and enabling code execution within the Kerberos service context.

RemediationAI

Apply the Microsoft security update referenced in the MSRC advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47288 to all affected Windows clients and especially to domain controllers, where the Kerberos service is most exposed and most consequential; patch status here is best characterized as patch available per vendor advisory because an exact fixed build was not included in the supplied data. Until patches are deployed, compensating controls should focus on shrinking the adjacent-network attack surface: segment domain controllers onto management VLANs that exclude general user and guest traffic, enforce 802.1X or NAC on segments that host DCs to keep unauthorized devices off the same broadcast domain, and disable or restrict legacy Kerberos transports if not required (note that tightening UDP/88 or TCP/88 reachability will break authentication for any client that legitimately sits on a now-blocked segment, so validate site topology first). Monitor Kerberos service crashes and unexpected lsass.exe restarts as a detection signal for exploitation attempts.

Share

CVE-2026-47288 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy