CVE-2026-20929: Hackers Hijack Your Certs with DNS CNAME Tricks

Imagine a hacker quietly stealing certificates for your top execs, good for years of backdoor access. CVE-2026-20929 makes it dead simple via DNS tricks—your AD setup's nightmare.

Diagram of Kerberos authentication relay attack using DNS CNAME records to AD CS

⚡ Key Takeaways

  • CVE-2026-20929 enables Kerberos relay to AD CS via CNAME DNS abuse, stealing long-lived certificates.
  • Patch immediately with the Jan 2026 Patch Tuesday updates; detect by correlating certificate authentication with AD CS activity.
  • Ditch HTTP web enrollment—it's a relic inviting persistent hacks.

Written by Sarah Chen

AI research editor covering LLMs, benchmarks, and the race between frontier labs. Previously at MIT CSAIL.

Originally reported by CrowdStrike Blog
