A Hidden Flaw in Windows DNS Could Let Hackers Take Over Your Machine — Without You Clicking Anything

There's a serious new security vulnerability making the rounds, and this one is particularly nasty because you don't have to do anything wrong for it to affect you. Just being connected to the internet could be enough.

Vulnerability Details
  • CVE ID: CVE-2026-41096
  • CVSS Score: 9.8 / 10 — Critical
  • Component: DNSAPI.dll
  • Attack Type: Heap Buffer Overflow
  • User Interaction: None Required
  • Patch Available: Yes — May 12, 2026

The flaw lives inside the Windows DNS Client — a core component that's quietly running on virtually every Windows machine in the world. Every time your computer loads a website, connects to a VPN, or checks for software updates in the background, it's using this component. And right now, that routine process can be weaponised.

What's Actually Going On?

The vulnerability, tracked as CVE-2026-41096, has been given a CVSS severity score of 9.8 out of 10 — about as serious as it gets. The root cause is a heap-based buffer overflow buried inside a system file called DNSAPI.dll, which handles how Windows processes incoming network responses.

When a machine running vulnerable software receives a specially crafted DNS response, it miscalculates the memory it's working with and processes the incoming data incorrectly. An attacker who can intercept or manipulate that network traffic — through a compromised router, a rogue Wi-Fi hotspot, or a poisoned DNS resolver — can exploit this moment to run arbitrary code on the target system.

No user interaction needed. No login required. The machine just has to be online and doing its normal thing.

Why This Is a Bigger Deal for Businesses

This isn't just a threat to individual users. In a corporate environment, where dozens or hundreds of machines sit on the same internal network, an attacker who's already inside the perimeter could use this vulnerability to move laterally — jumping from machine to machine — if systems haven't been patched. That makes it a real concern for IT and security teams managing enterprise infrastructure.

The good news is that Microsoft has assessed active exploitation as currently unlikely. The bad news is that the attack surface is enormous:

Affected Platforms
  • Windows 11 (all versions)
  • Windows Server 2022
  • Windows Server 2025

The Fix Is Already Out — Apply It Now

Microsoft pushed out patches for this vulnerability as part of its May 12, 2026 Patch Tuesday update. The fix addresses the memory handling issue directly, and security professionals are urging organisations to prioritise deployment — especially on internet-facing systems and laptops that frequently connect to untrusted networks like public Wi-Fi.

Immediate Actions to Take
  • Apply the May 2026 Patch Tuesday update on all Windows machines immediately.
  • Prioritise internet-facing systems and employee laptops that connect to public Wi-Fi.
  • If patching is delayed, restrict outbound DNS traffic to trusted resolvers only.
  • Monitor for unusual processes spawned by background network services.
  • For corporate networks, audit internal DNS resolver trust and segment untrusted devices.
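
One way to check a single host against the patching and resolver items above, as an added PowerShell example (not code from Microsoft or from the authors of this post). The KB identifier and the resolver addresses are placeholders to replace with your own values.

```powershell
# Added example. The KB id and resolver addresses are placeholders, not values from the article.
$PatchKb          = 'KB0000000'                                     # placeholder: KB for your OS build
$TrustedResolvers = @('192.0.2.53', '192.0.2.54', '2001:db8::53')   # placeholder allowlist

function Test-DnsClientExposure {
    param(
        [Parameter(Mandatory)] [string]   $Kb,
        [Parameter(Mandatory)] [string[]] $Trusted
    )

    # Get-HotFix writes a non-terminating error when the KB is absent; treat that as "not found".
    $patched = [bool](Get-HotFix -Id $Kb -ErrorAction SilentlyContinue)

    # Normalise addresses so equivalent IPv6 spellings compare equal.
    $allow = @($Trusted | ForEach-Object { [System.Net.IPAddress]::Parse($_).ToString() })

    # Only adapters that are currently up are resolving names.
    $upIdx = @((Get-NetAdapter | Where-Object Status -eq 'Up').ifIndex)

    $resolvers = foreach ($cfg in Get-DnsClientServerAddress) {
        if ($cfg.InterfaceIndex -notin $upIdx) { continue }
        foreach ($addr in $cfg.ServerAddresses) {
            $ip = [System.Net.IPAddress]::Parse($addr).ToString()
            [pscustomobject]@{
                Interface = $cfg.InterfaceAlias
                Resolver  = $ip
                Trusted   = $ip -in $allow
            }
        }
    }
    $untrusted = @($resolvers | Where-Object { -not $_.Trusted })

    # Unpatched hosts that use a resolver outside the allowlist go to the top of the queue.
    $priority = 'Low'
    if (-not $patched) { $priority = 'Medium' }
    if (-not $patched -and $untrusted.Count -gt 0) { $priority = 'High' }

    [pscustomobject]@{
        Computer           = $env:COMPUTERNAME
        PatchFound         = $patched
        UntrustedResolvers = $untrusted
        Priority           = $priority
    }
}

$report = Test-DnsClientExposure -Kb $PatchKb -Trusted $TrustedResolvers
$report | Format-List Computer, PatchFound, Priority
$report.UntrustedResolvers | Format-Table -AutoSize
```

A missing KB is not proof of exposure when a later cumulative update that supersedes it is installed, so confirm against the OS build number before escalating.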

In short: update your Windows machines. This one's worth taking seriously.


Tags: CVE-2026-41096, Windows DNS, Heap Overflow, DNSAPI.dll, Patch Tuesday, Zero-Click, Threat Intel, Windows Server
Certifence Security Team
Threat Intelligence & Vulnerability Research