A critical HTTP.sys RCE vulnerability (CVE-2026-47291) has been detected, posing serious risks to millions of users, with a CVSS score of 9.8. This vulnerability allows unauthorized code execution over networks due to an integer overflow error. Although no public exploits have been observed yet, future exploitation is deemed highly likely, prompting urgent action from system administrators. Users are advised to apply June 2026 security updates and modify the MaxRequestBytes registry value to ensure safety.
Detailed instructions for applying fixes and temporary mitigations have been provided, emphasizing the importance of prompt system updates to prevent potential attacks.