
Remote Desktop Client CVE-2026-42993

EUVD-2026-35760 | HIGH
Heap-based Buffer Overflow (CWE-122)
2026-06-09 · secure@microsoft.com · GHSA-79cp-qrf9-6hv3
CVSS 3.1 base score: 7.5 (NVD) · Temporal: 6.5

Severity by source

NVD (primary): 7.5 HIGH, AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CIRCL (temporal): 6.5 MEDIUM

Primary rating from NVD.

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Patch available: Jun 09, 2026 - 19:03 (EUVD)
Analysis generated: Jun 09, 2026 - 18:46 (vuln.today)

Description (NVD)

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

Analysis (AI)

Remote code execution in Microsoft Remote Desktop Client is possible when a user is lured into connecting to an attacker-controlled RDP server, where a heap-based buffer overflow (CWE-122) can be triggered to run arbitrary code on the client machine. The flaw was reported by Microsoft (secure@microsoft.com) and carries a CVSS 3.1 score of 7.5, reflecting high attack complexity and the requirement for user interaction. …


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata:

Recon: Attacker hosts malicious RDP server
Delivery: Phish victim with crafted .rdp file
Exploit: Victim's client connects outbound
Install: Server returns malformed protocol response
C2: Heap buffer overflow in client
Execute: Hijack execution flow
Impact: Run code as logged-in user

Vulnerability Assessment (AI)

Exploitation: Exploitation requires the victim to initiate an RDP connection to an attacker-controlled server (UI:R in the CVSS vector), meaning the attacker must socially engineer the user into opening a malicious .rdp file, clicking an rdp:// URI, or otherwise launching the Remote Desktop Client against a hostile endpoint. This is a reverse/client-side attack, not a server-listening RDP exposure like BlueKeep. …

Risk Assessment: The CVSS vector AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H describes a network-reachable, unauthenticated flaw with full CIA impact, tempered by high attack complexity and required user interaction, which is why the base score lands at 7.5 rather than critical. …

Exploit Scenario: An attacker stands up a malicious RDP server and lures a target into connecting, typically via a phishing email containing a crafted .rdp file, a malicious link, or a poisoned shortcut on a compromised file share. When the victim's Remote Desktop Client negotiates the session, the rogue server returns a malformed protocol response that overflows a heap buffer in the client, allowing the attacker to execute arbitrary code in the user's context on the victim workstation. …

Remediation: Patch available per vendor advisory. Apply the Microsoft security update referenced at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42993 as the primary fix; exact patched build numbers should be pulled directly from the MSRC update guide for each affected Windows release. …

Recommended Action (AI)

Within 24 hours: Inventory Microsoft Remote Desktop Client deployments across the organization; distribute security advisory to users regarding risks of connecting to untrusted servers. …



CVE-2026-42993 vulnerability details – vuln.today
