PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-54119 Microsoft CVE debrief

CVE-2026-54119 is a Loop with unreachable exit condition vulnerability in Windows Active Directory. This vulnerability allows an unauthorized attacker to deny service over a network. The vulnerability has a CVSS score of 7.5 and a severity of HIGH. The affected product is Windows Active Directory, and the vulnerability is classified as CWE-835. The vulnerability allows an attacker to exploit the vulnerability and deny service over a network. The source confidence is limited, and defenders should review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance.

Vendor
Microsoft
Product
Windows 10 Version 1607
CVSS
HIGH 7.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-14
Original CVE updated
2026-07-16
Advisory published
2026-07-14
Advisory updated
2026-07-16

Who should care

Organizations using Windows Active Directory should prioritize patching this vulnerability to prevent potential denial of service attacks. The vulnerability allows an unauthorized attacker to deny service over a network. The affected product is Windows Active Directory. The vulnerability has a CVSS score of 7.5 and a severity of HIGH.

Technical summary

The vulnerability is caused by a loop with an unreachable exit condition in Windows Active Directory. This allows an attacker to exploit the vulnerability and deny service over a network. The vulnerability is classified as CWE-835. The affected product is Windows Active Directory. The vulnerability has a CVSS score of 7.5 and a severity of HIGH.

Defensive priority

High

Recommended defensive actions

  • Apply the patch provided by Microsoft
  • Review and update Active Directory configurations
  • Monitor network activity for potential attacks
  • Implement compensating controls to prevent denial of service attacks
  • Review relevant monitoring, detection, and logs for exposed assets that need extra review

Evidence notes

The CVE record was published on 2026-07-14T17:17:04.660Z and was last modified on 2026-07-16T12:14:35.503Z. The NVD entry is currently Analyzed. The vulnerability has a CVSS score of 7.5 and a severity of HIGH. The affected product is Windows Active Directory. The vulnerability allows an unauthorized attacker to deny service over a network. The source confidence is limited, and defenders should verify the affected scope and severity.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-14T17:17:04.660Z and has not been modified since then. The NVD entry is currently Analyzed.