CVE-2026-41096

Name of the Vulnerable Software and Affected Versions Microsoft Windows DNS Client (affected versions not specified)

Description A heap-based buffer overflow exists in the Microsoft Windows DNS Client, specifically within the dnsapi.dll component. This issue occurs during the processing of DNS responses and is linked to the DNSQueryRaw() API, which allows applications to send raw DNS queries and receive responses without standard normalization and filtering. An unauthorized remote attacker can exploit this by sending a malicious DNS response via a rogue DNS server, a poisoned resolver, a compromised router, hostile Wi-Fi, or a man-in-the-middle position. This is a zero-click exploit that does not require user interaction and can allow the attacker to execute arbitrary code with high privileges, potentially reaching SYSTEM level.

Recommendations Deploy the May 2026 cumulative updates. Restrict DNS traffic to trusted resolvers where possible. Monitor Dnscache and svchost.exe for abnormal child processes or unexpected outbound activity.