Severity by source
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Network-reachable RDP parsing bug (AV:N/AC:L) needs no attacker auth (PR:N) but requires the victim to connect (UI:R), yielding full RCE impact (C:H/I:H/A:H).
Primary rating from Vendor (microsoft).
CVSS VectorVendor: microsoft
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
Integer overflow or wraparound in Windows RDP allows an unauthorized attacker to execute code over a network.
AnalysisAI
Remote code execution in the Microsoft Windows Remote Desktop (RDP) component allows an unauthenticated attacker to run arbitrary code by triggering an integer overflow, but only when a victim is convinced to interact (per CVSS UI:R) - most consistent with a malicious RDP server coercing a connecting client. The flaw affects a broad range of supported Windows client and server releases from Windows Server 2012/Windows 10 1607 through Windows 11 26H1 and Windows Server 2025. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires the victim to initiate or accept an RDP interaction with attacker-controlled data (CVSS UI:R) - in practice, connecting an RDP client to a malicious or compromised RDP server, or opening a crafted .rdp connection, so that the vulnerable RDP parser processes attacker-supplied length values that overflow. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 base score is 8.8 (High) with vector AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H - network reachable, low complexity, no privileges, but requiring user interaction, with full confidentiality/integrity/availability impact and no scope change. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker stands up a malicious RDP server (or delivers a crafted .rdp file via phishing) and lures a user into connecting; the server returns malformed RDP data whose size field triggers the integer overflow, corrupting memory in the client's RDP stack and executing attacker code in the victim's context. Given AC:L, the parsing bug is reliably triggerable once the victim connects, but the UI:R requirement means the attack hinges on social engineering the connection. … |
| Remediation | Patch available per vendor advisory: apply the Microsoft security update for CVE-2026-58594 referenced at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-58594, selecting the correct KB for each affected Windows 10/11 and Windows Server 2012-2025 build (including Server Core). … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours, conduct inventory of Windows systems running RDP (Windows Server 2012-2025, Windows 10 1607 through Windows 11 26H1), identify critical infrastructure and externally-facing systems requiring priority patching, and establish deployment timeline with affected teams. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Windows 10 Version 1607
View allLocal privilege escalation in Microsoft Active Directory Federation Services (AD FS) lets an already-authenticated low-p
Local privilege escalation in the Microsoft Windows Kernel allows an unauthorized attacker to gain elevated (SYSTEM-leve
Local privilege escalation in the Windows Win32K kernel subsystem (CWE-122 heap-based buffer overflow) lets an already-a
Local code execution in the Windows DHCP Client service stems from a use-after-free (CWE-416) memory-corruption flaw aff
Local code execution in the Microsoft Message Queuing (MSMQ) Queue Manager affects a broad range of Windows client and s
Remote code execution in the Microsoft Windows DHCP Server role allows an unauthenticated network attacker to run arbitr
Elevation of privilege in the Windows NTFS file-system driver lets an already-authenticated local user escalate to SYSTE
Local code execution in the Windows Media component of supported Windows 10, Windows 11, and Windows Server (2016 throug
Elevation of privilege in the Windows Hyper-V virtual network switch (VMSwitch) lets an authenticated attacker operating
Remote code execution in the Windows Server Network driver stems from a race condition (CWE-362) that lets an unauthoriz
Remote code execution in Microsoft Windows Remote Desktop (RDP) allows an unauthorized network attacker to run arbitrary
Remote code execution in Microsoft Windows Message Queuing (MSMQ) allows an unauthenticated attacker to run arbitrary co
Same weakness CWE-190 – Integer Overflow or Wraparound
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-44303
GHSA-f6c4-f6g4-38mq