CVEs and Zero-Day Exploits: June 1–6, 2026

Between June 1 and June 6, 2026, security researchers documented at least 15 critical-severity CVEs with confirmed active exploitation, including multiple zero-day exploits in the wild. The most significant vulnerability, CVE-2026-41089, is a Windows Netlogon remote code execution flaw with a CVSS score of 9.8 that is already being exploited by AI-driven attackers against domain controllers.

The first week of June 2026 has been one of the most volatile in recent memory for vulnerability disclosure and exploitation. Between June 1 and June 6, security researchers, vendors, and threat intelligence firms documented at least 15 critical-severity CVSS ≥ 9.0 CVEs with confirmed active exploitation, alongside several zero-day exploits discovered in the wild. The week was dominated by five major themes: Windows Netlogon RCE CVE-2026-41089, CVSS 9.8 — A stack-based buffer overflow in the Windows Netlogon service that enables unauthenticated remote code execution on domain controllers. Confirmed actively exploited by AI-driven attackers as of early June, making it the most critical enterprise vulnerability of the week.