A critical Windows Netlogon vulnerability, tracked as CVE-2026-41089, has emerged as a significant security concern after authorities warned that threat actors are actively attempting to exploit the flaw to gain remote code execution capabilities on vulnerable systems. 

The security issue, which carries a CVSS severity score of 9.8, was publicly disclosed on May 12, 2026, when Microsoft addressed it alongside 136 other vulnerabilities as part of its monthly Patch Tuesday security updates.

While several of the bugs fixed during that release were identified as likely candidates for exploitation, CVE-2026-41089 was not initially included among those expected to be targeted by attackers. 
Thr...