Severity by source
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
6DescriptionCVE.org
Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
AnalysisAI
Remote code execution in Microsoft Remote Desktop Client for Windows allows unauthenticated network attackers to execute arbitrary code by delivering a malicious connection file or server response, requiring user interaction. This use-after-free vulnerability (CWE-416) affects Windows 10 (versions 1607-22H2), Windows 11 (22H3-26H1), Windows Server (2012-2025), and standalone Remote Desktop client versions below 2.0.1070.0. With CVSS 8.8 (network-accessible, no authentication required, low comple
Technical ContextAI
This vulnerability stems from a use-after-free condition (CWE-416) in the Remote Desktop Protocol client implementation, where memory is accessed after being freed during connection handling. The flaw affects Microsoft's Remote Desktop Client across multiple Windows platforms including the standalone Remote Desktop client for Windows Desktop (versions prior to 2.0.1070.0), Windows App Client for Windows Desktop, and integrated RDP clients in Windows 10 (builds 14393.x through 19045.x), Windows 11 (builds 22631.x through 28000.x), and Windows Server editions from 2012 through 2025. Use-after-free vulnerabilities occur when memory management errors allow dereferenced pointers to access freed memory regions, creating conditions where attackers can manipulate memory contents to redirect program execution. In RDP client context, this likely occurs during connection negotiation, session establishment, or processing of server-provided graphics/clipboard data, making it exploitable through malicious RDP servers or man-in-the-middle scenarios where connection parameters are manipulated.
RemediationAI
Apply vendor-released patches immediately through Windows Update or WSUS infrastructure. For standalone Remote Desktop Client for Windows Desktop, upgrade to version 2.0.1070.0 or later via Microsoft Store or direct download from Microsoft. For Windows 10 systems, apply cumulative updates raising builds to at minimum 10.0.14393.9060 (version 1607), 10.0.17763.8644 (version 1809), 10.0.19044.7184 (version 21H2), or 10.0.19045.7184 (version 22H2). Windows 11 deployments require updates to builds 10.0.22631.6936 or higher (22H3/23H2), 10.0.26100.32690 or higher (24H2), 10.0.26200.8246 or higher (25H2), or 10.0.28000.1836 or higher (26H1). Windows Server platforms require updates to specified minimum builds for each version as detailed in affected products section. Interim mitigation strategies include restricting RDP client connections to only trusted, verified servers through Group Policy or firewall rules, blocking external RDP connection file (.rdp) attachments at email gateways, and implementing application control policies to prevent execution of unsigned RDP configuration files. Detailed patch guidance available at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32157.
Same weakness CWE-416 – Use After Free
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-22545
GHSA-5468-67hp-7rjg