
🛡️ RootDC.io – Active Directory CVE Tracker

Welcome to the RootDC CVE Tracker 

Your battlefield logbook for real-world vulnerabilities targeting Active Directory and its components.


We monitor, analyze, and summarize the most critical CVEs impacting domain controllers, Kerberos, ADCS, LDAP, NTLM, Group Policies, and Windows authentication.


Updated regularly. Use it as part of your red/blue defense ops. 



🔥 CVE Tracker

🧨 CVE-2021-42278 — sAMAccountName Spoofing

🎯 Allows spoofing of machine account names → Privilege escalation to Domain Admin when chained.

📆 Date: November 2021

🛠️ Patch: KB5008102

🔗 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-42278

🧨 CVE-2021-42287 — Kerberos Privilege Escalation

🎯 Enables forged Kerberos tickets to impersonate privileged users.

📆 Date: November 2021

🛠️ Patch: KB5008102

🔗 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-42287

🧨 CVE-2022-26923 – ADCS Certificate Template Exploit

🎯 Escalation via enrollment of unauthorized certificates → admin access.

📆 Date: May 2022

🛠️ Patch: KB5014754

🔗 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26923

🧨 CVE-2020-1472 — Zerologon

🎯 Netlogon protocol flaw allows unauthenticated DC access → full domain takeover.

📆 Date: September 2020

🛠️ Patch: KB4576750

🔗 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-1472

🧨 CVE-2022-26925 — LSA Spoofing (NTLM Relay)

🎯 LSA spoofing attack combined with NTLM relay → system-level access on DC.

📆 Date: May 2022

🛠️ Patch: KB5013943

🔗 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26925

🧨 CVE-2021-36942 — PetitPotam

🎯 Exploits MS-EFSRPC to coerce NTLM auth → enables relay to ADCS endpoints.

📆 Date: August 2021

🛠️ Patch: KB5005413

🔗 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36942

🧨 CVE-2022-30198 — ADCS HTTP Request Smuggling

🎯 Smuggling in ADCS HTTP endpoints → ADCS relay & account takeover.

📆 Date: June 2022

🛠️ Patch: KB5014678

🔗 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30198

🧨 CVE-2023-23397 — Outlook NTLM Leak

🎯 Malicious calendar invites leak NTLM hash → relay attack.

📆 Date: March 2023

🛠️ Patch: KB5002355

🔗 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397

🧨 CVE-2024-49112 — LDAP RCE

🎯 Remote code execution on DCs via malformed LDAP requests.

📆 Date: April 2024

🛠️ Patch: KB5036030

🔗 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49112 


🧨 CVE-2022-26931 — Kerberos PAC Checksum Forgery

🎯 Exploits checksum validation to create forged TGTs.

📆 Date: May 2022

🛠️ Patch: KB5014011

🔗 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26931

🧠 This tracker is manually curated by the RootDC.io crew.  

CVEs listed here are reviewed for real-world red/blue relevance.


📅 Last updated: June 2025  

📩 Want to suggest a CVE? Reach out via GitHub or the contact form.

© 2025 RootDC.io | Built by KuroStrike | GitHub
