CVE-2026-41089 is a critical vulnerability in the Windows Netlogon service, rated 9.8 on the CVSS scale, allowing unauthenticated attackers to execute arbitrary code with SYSTEM-level privileges on domain controllers. It affects all supported versions of Windows Server configured as domain controllers, from Windows Server 2012 R2 to the latest release. Microsoft addressed this vulnerability on May 12, 2026, during a broader update that included 138 fixes, but it went largely unnoticed until early June when active exploitation was confirmed. The vulnerability is characterized as a stack-based buffer overflow and is considered "wormable" due to its ability to self-propagate across systems without user intervention. Organizations are advised to patch all domain controllers and audit network access to mitigate exposure.