MSRCwriteup-publishedhigh confidence
CVE-2026-41089: Netlogon's WCHAR-count stack overflow
A Netlogon patch diff and live CLDAP trace show how a byte budget became a WCHAR count, overflowing a domain controller's stack response buffer.
Kaluche / Research
Public patch analysis, root-cause work, reproductions, and research notes.
A Netlogon patch diff and live CLDAP trace show how a byte budget became a WCHAR count, overflowing a domain controller's stack response buffer.
A patch diff of http.sys exposes a 16-bit capacity wrap that turns a reference-array resize into a kernel pool overflow.
A static patch diff of rdpcorets.dll shows how Microsoft closed a manager teardown gap affecting CLIPRDR proxy streams and data objects.