Skip to main content

Remote Desktop Client CVE-2026-42992

| EUVDEUVD-2026-35745 HIGH
Heap-based Buffer Overflow (CWE-122)
2026-06-09 secure@microsoft.com GHSA-26qw-9rj6-9q7x
7.5
CVSS 3.1 · NVD
Temporal: 6.5
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CIRCL (temporal)
6.5 MEDIUM
cvss

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
CVE Published
Jun 22, 2026 - 06:03 cve.org
HIGH 7.5
Patch available
Jun 09, 2026 - 19:03 EUVD
Analysis Generated
Jun 09, 2026 - 18:45 vuln.today

DescriptionNVD

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

AnalysisAI

Remote code execution in Microsoft Remote Desktop Client is possible when a user is enticed to connect to an attacker-controlled RDP server, triggering a heap-based buffer overflow (CWE-122). The flaw scores CVSS 7.5 (AV:N/AC:H/PR:N/UI:R) and, while no public exploit is identified at time of analysis, the network-reachable nature and full CIA impact make it a meaningful client-side risk for users connecting to untrusted endpoints.

Technical ContextAI

Microsoft's Remote Desktop Client implements the Remote Desktop Protocol (RDP) over TCP/UDP 3389, parsing a complex stream of virtual-channel, graphics, clipboard, and device-redirection PDUs from the server. CWE-122 (Heap-based Buffer Overflow) indicates that one of these parsers writes attacker-controlled data past the bounds of a heap allocation - typically due to an incorrect length calculation or missing bounds check on a server-supplied field. Because the corruption occurs in the client process, a malicious RDP server (rather than a malicious client) is the threat actor, inverting the usual RDP trust model.

RemediationAI

Patch available per vendor advisory - apply the Microsoft security update for Remote Desktop Client listed in the MSRC entry at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42992, selecting the KB that matches each affected Windows or Remote Desktop app build. Until patches are deployed, restrict outbound TCP/UDP 3389 (and 443 for RD Gateway tunneled sessions) at the perimeter so endpoints cannot reach untrusted RDP servers, and instruct users not to connect to .rdp files or mstsc links from email or web sources; the trade-off is that legitimate connections to third-party hosted desktops will break and must be allowlisted. Where outbound RDP must remain open, force connections through a Remote Desktop Gateway and disable risky virtual channels (clipboard, drive, device redirection) via Group Policy to reduce the attack surface exposed to a hostile server, accepting the usability loss those redirections provide.

CVE-2026-47289 HIGH
8.8 Jun 09

Heap-based buffer overflow in Microsoft Remote Desktop Client enables remote code execution when a user connects to a ma

CVE-2026-42985 HIGH
8.8 Jun 09

Remote code execution in Microsoft Remote Desktop Client is possible when a victim connects to an attacker-controlled or

CVE-2025-48817 HIGH
8.8 Jul 08

Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

CVE-2024-49105 HIGH
8.4 Dec 12

Remote Desktop Client Remote Code Execution Vulnerability. Rated high severity (CVSS 8.4), this vulnerability is remotel

CVE-2025-27487 HIGH
8.0 Apr 08

Heap-based buffer overflow in Remote Desktop Client allows an authorized attacker to execute code over a network. Rated

CVE-2020-0919 HIGH
7.8 Apr 15

An elevation of privilege vulnerability exists in Remote Desktop App for Mac in the way it allows an attacker to load un

CVE-2026-45639 HIGH
7.5 Jun 09

Information disclosure in Microsoft Windows Remote Desktop Protocol (RDP) allows remote unauthenticated attackers to rea

CVE-2026-44801 HIGH
7.5 Jun 09

Remote code execution in Microsoft Remote Desktop Client is possible when a victim connects to an attacker-controlled RD

CVE-2026-44799 HIGH
7.5 Jun 09

Remote code execution in Microsoft Remote Desktop Client arises from a heap-based buffer overflow (CWE-122) that an unau

CVE-2026-42909 HIGH
7.5 Jun 09

Remote code execution in Microsoft Remote Desktop Client is possible when a user connects to an attacker-controlled or c

CVE-2025-32715 MEDIUM
6.5 Jun 10

Out-of-bounds read in Remote Desktop Client allows an unauthorized attacker to disclose information over a network.

CVE-2026-23656 MEDIUM
5.9 Mar 10

Windows App Installer fails to adequately authenticate package data, enabling network-based attackers to conduct spoofin

Share

CVE-2026-42992 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy