CVE-2026-47288 – Windows Kerberos Key Distribution Center (KDC) Remote Code Execution

CVE-2026-47288 is a Critical remote code execution vulnerability in Windows Kerberos caused by an integer overflow or wraparound condition. An authenticated attacker on an adjacent network could send specially crafted authentication-related data to a domain controller. Successful exploitation could allow code execution, service disruption, or privilege gain on the domain controller.

CVSS Score: 7.1
SEVERITY: Critical
THREAT:
This vulnerability targets Windows Kerberos KDC, a core part of domain authentication. An attacker already authenticated to the domain could send crafted data to a domain controller and trigger improper memory handling. Because domain controllers are highly sensitive assets, compromise could have serious security consequences.

EXPLOITS:
Publicly Disclosed: No.
Exploited: No.
Exploitability Assessment: Exploitation Unlikely.
No public exploit, zero-day exploitation, or proof-of-concept code is confirmed in the provided data.

TECHNICAL SUMMARY:
CVE-2026-47288 is caused by an integer overflow or wraparound condition, identified as CWE-190, in Windows Kerberos. The vulnerability occurs when specially crafted authentication-related data is processed incorrectly by the affected Windows component. This can cause memory handling errors that may allow code execution or disruption on a domain controller. The CVSS v3.1 metrics show adjacent attack vector, high attack complexity, low privileges required, no user interaction, unchanged scope, and high impact to confidentiality, integrity, and availability.

EXPLOITABILITY:
Affected software includes Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, Windows Server 2019, Windows Server 2022, and Windows Server 2025, including listed Server Core installations.
Exploitation requires an attacker to be authenticated to the domain and able to send specially crafted authentication-related data to a domain controller. Successful exploitation also requires preparation of the target environment to improve reliability.

BUSINESS IMPACT:
This vulnerability is dangerous because it affects domain controllers, which are central to identity, authentication, and access control. A successful attack could disrupt authentication services, weaken domain security, expose sensitive systems, and support further compromise across the Windows environment.

WORKAROUND:
No mitigations or workarounds are listed.
Where patching is delayed, restrict access to domain controllers, monitor unusual Kerberos authentication activity, and review low-privileged domain accounts for unnecessary access.

URGENCY:
This patch should be prioritized because the vulnerability is rated Critical and affects Windows Server systems running Kerberos KDC services. Although exploitation is assessed as unlikely, the impact of compromise on a domain controller can be severe.