CVE-2026-49169
Received Received - Intake

BaseFortify

Vulnerability report for CVE-2026-49169, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-14

Last updated on: 2026-07-14

Assigner: Microsoft Corporation

Description

Use after free in DNS Server allows an authorized attacker to execute code over a network.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-14
Last Modified
2026-07-14
Generated
2026-07-14
AI Q&A
2026-07-14
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Currently, no data is known.

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-416 The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-49169 is a use-after-free vulnerability in a DNS Server. This type of vulnerability occurs when a program continues to use memory after it has been freed, which can lead to unexpected behavior or exploitation.

In this case, an authorized attacker can exploit this flaw to execute arbitrary code over a network. The attacker must have authorization, meaning they likely need some level of access or privileges to the affected system.

Impact Analysis

If you are running a vulnerable DNS Server, this vulnerability could have serious consequences.

  • An authorized attacker could execute arbitrary code on the affected system, potentially gaining control over it.
  • This could lead to unauthorized access to sensitive data, disruption of services, or further compromise of your network.
  • Since the attack vector is over a network, the attacker does not need physical access to the system.
Compliance Impact

This vulnerability could impact compliance with several standards and regulations, depending on the context of the affected system.

  • GDPR: If the affected DNS Server handles personal data of EU citizens, a successful exploit could lead to unauthorized access or data breaches, violating GDPR requirements for data protection and breach notification.
  • HIPAA: For organizations handling protected health information (PHI), this vulnerability could result in unauthorized access to sensitive patient data, violating HIPAA's security and privacy rules.
  • Other standards like ISO 27001 or NIST frameworks may also be impacted, as they require organizations to maintain secure systems and protect against known vulnerabilities.

Failure to address this vulnerability could result in non-compliance, leading to potential fines, legal consequences, or reputational damage.

Mitigation Strategies

Apply the security updates provided by Microsoft to address CVE-2026-49169. Refer to the Microsoft Update Guide for the specific patches or mitigations available for the DNS Server.

  • Ensure that only authorized users have access to the DNS Server to reduce the risk of exploitation.
  • Monitor network traffic and DNS Server logs for any suspicious activity that may indicate exploitation attempts.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-49169. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart