CVE-2026-49178 - Windows Active Directory Domain Services Remote Code Execution Vulnerability is a heap-based buffer overflow in Active Directory Domain Services. Microsoft rates it as a high-severity remote code execution issue with CVSS v3.1 base score 8.8 and temporal score 7.7. The vector is NETWORK, with LOW attack complexity, LOW privileges required, and NO user interaction. Microsoft indicates no public disclosure or known exploitation, exploit code maturity is UNPROVEN, and exploitation is currently considered unlikely. Because it affects a network-facing directory service and can be triggered by an authenticated attacker, it is relevant for enterprise AD environments. Highlights: - CVSS scores: Base 8.8 - Temporal 7.7 - Exploit status & code maturity: Publicly Disclosed: No; Exploited: No; Exploit Code Maturity: UNPROVEN. - Impact: Remote Code Execution with HIGH confidentiality, HIGH integrity, and HIGH availability impact. - Exploitation likelihood: Exploitation Unlikely; vector context is NETWORK with LOW attack complexity, LOW privileges required, and NO user interaction. - Severity for enterprise: High. The network attack vector and remote code execution impact increase concern for domain services, but Microsoft does not report active exploitation or proof-of-concept code. - Patch status: available; customer action required. Affected systems: - Windows 10 1607 - Windows 10 1809 - Windows 10 21H2 - Windows 10 22H2 - Windows 11 24H2 - Windows 11 25H2 - Windows 11 26H1 - Windows 11 unspecified - Windows Server 2012 - Windows Server 2012 R2 - Windows Server 2016 - Windows Server 2019 - Windows Server 2022 - Windows Server 2025