| CVE Number | Vulnerability | Product | Severity | Date |
|---|---|---|---|---|
| CVE-2026-45648 | Windows Active Directory Domain Services Remote Code Execution Vulnerability | Windows Server | Critical | 01-07-2026 |
Technical Information
An authenticated attacker with low-privileged domain credentials can exploit this Windows Active Directory Domain Services vulnerability by sending specially crafted requests to the NSPI RPC interface, triggering a stack-based buffer overflow that results in remote code execution on the target server without requiring user interaction.
Patch release date: Jun 09, 2026
Further information on this vulnerability is available at : CVE-2026-45648
Affected Software
Windows Server 2022,Windows Server 2022 (Server Core installation),
Windows Server 2025 (Server Core installation),
Windows Server 2025