CVE-2026-49169 is a Windows DNS Server remote code execution vulnerability caused by a use after free issue. Microsoft rates it at CVSS v3.1 base 8.0 (High) with a temporal score of 7.0; the vector is network-based, but requires high attack complexity, high privileges, and no user interaction, with changed scope and high confidentiality, integrity, and availability impact. Microsoft says it has not been publicly disclosed or exploited, and exploit code maturity is unproven. Because this affects Windows DNS Server and is remotely reachable in service contexts, it is relevant for enterprise environments even though the attacker must already have high privileges. Highlights: - CVSS scores: Base 8.0 - Temporal 7.0 - Exploit status & code maturity: Publicly Disclosed: No; Exploited: No; Exploit Code Maturity: UNPROVEN. - Impact: Remote Code Execution with HIGH confidentiality, integrity, and availability impacts. - Exploitation likelihood: Exploitation Less Likely; network vector, but HIGH attack complexity and HIGH privileges required reduce practical remote exploitability. - Severity for enterprise: High severity per CVSS, but lower real-world exposure than network RCE issues that require no privileges or user interaction. Risk is primarily to Windows DNS Server deployments where privileged access is possible. - Patch status: available Affected systems: - Windows Server 2025