<< Back
CVE Number Vulnerability Product Severity Date
CVE-2026-45648 Windows Active Directory Domain Services Remote Code Execution Vulnerability Windows Server Critical 01-07-2026

Technical Information

An authenticated attacker with low-privileged domain credentials can exploit this Windows Active Directory Domain Services vulnerability by sending specially crafted requests to the NSPI RPC interface, triggering a stack-based buffer overflow that results in remote code execution on the target server without requiring user interaction.

Patch release date: Jun 09, 2026
Further information on this vulnerability is available at : CVE-2026-45648

Affected Software

Windows Server 2022,
Windows Server 2022 (Server Core installation),
Windows Server 2025 (Server Core installation),
Windows Server 2025