{"uuid": "f32c61bb-9dcb-4793-bf70-13b08ddf6bc3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41089", "type": "seen", "source": "https://chaos.social/users/gsuberland/statuses/116677657051969524", "content": "hmm. CVE-2026-41089 looks like a super basic stack buffer overflow in LSASS, straight out of a remote packet. I know Microsoft runs CodeQL over their code, and I can't envision a world where LSASS doesn't have coverage, so that raises questions about how it wasn't identified. my best guess is a process gap somewhere, but it would be cool to see a post incident report with info.\n(and before one of you mentions the slopcoding thought-terminating clich\u00e9, maybe think about it for a minute first)", "creation_timestamp": "2026-06-02T00:22:39.655672Z"}