CVE-2026-49164 is a Windows Active Directory Domain Services remote code execution vulnerability caused by a heap-based buffer overflow. Microsoft rates it CVSS v3.1 base 8.1 (High) with a temporal score of 7.1; the vector is network-based, requires no privileges and no user interaction, but attack complexity is high. The impact is high for confidentiality, integrity, and availability. Microsoft states it is not publicly disclosed, not exploited, and exploit code maturity is unproven. Because it affects AD DS, the enterprise relevance is significant, especially for network-exposed domain services, although the high attack complexity reduces ease of exploitation. Highlights: - CVSS scores: Base 8.1 - Temporal 7.1 - Exploit status & code maturity: Publicly Disclosed: No; Exploited: No; Exploit Code Maturity: UNPROVEN. - Impact: Remote Code Execution with HIGH confidentiality, integrity, and availability impacts. - Exploitation likelihood: Exploitation Unlikely; vector is NETWORK, with HIGH attack complexity, NO privileges required, and NO user interaction. - Severity for enterprise: High technical severity with network exposure and no auth or user interaction required; risk is higher for reachable Active Directory Domain Services, but Microsoft currently assesses exploitation as unlikely. - Patch status: available; customer action required. Affected systems: - Windows 10 1607, 1809, 21H2, 22H2 - Windows 11 24H2, 25H2, 26H1, unspecified - Windows Server 2012, 2012 R2, 2016, 2019, 2022, 2025