Skip to main content

Windows RDP EUVDEUVD-2026-35597

| CVE-2026-42908 HIGH
Out-of-bounds Read (CWE-125)
2026-06-09 secure@microsoft.com GHSA-hv2r-hmcx-57g9
7.5
CVSS 3.1 · NVD
Temporal: 6.5
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CIRCL (temporal)
6.5 MEDIUM
cvss

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

2
Analysis Generated
Jun 09, 2026 - 17:41 vuln.today
CVE Published
Jun 09, 2026 - 17:17 nvd
HIGH 7.5

DescriptionCVE.org

Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network.

AnalysisAI

Information disclosure in Microsoft Windows Remote Desktop Protocol (RDP) allows unauthenticated remote attackers to read out-of-bounds memory contents over the network, potentially leaking sensitive data from the RDP service process. The vulnerability requires no authentication or user interaction and is rated CVSS 7.5 with high confidentiality impact only. At time of analysis there is no public exploit identified and the issue is not listed in CISA KEV.

Technical ContextAI

The flaw is an out-of-bounds read (CWE-125) in the Windows implementation of the Remote Desktop Protocol, the proprietary Microsoft protocol (typically TCP/3389) used for remote graphical session access. CWE-125 conditions arise when input-derived offsets or length fields are used to index into a buffer without sufficient bounds validation, causing the parser to read adjacent process memory. In an RDP context this typically manifests during early protocol handshake or PDU/virtual channel parsing in the RDP service handling untrusted client-supplied messages, with leaked memory returned to the attacker via protocol responses or error paths.

RemediationAI

Patch available per vendor advisory: apply the Microsoft security update referenced at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42908 for every affected Windows client and Windows Server build in the environment as identified on that page. Where immediate patching is not feasible, restrict TCP/3389 (and UDP/3389) at perimeter and host firewalls so RDP is not reachable from the internet, place RDP behind a Remote Desktop Gateway or VPN that performs pre-authentication, and require Network Level Authentication (NLA) on RD Session Hosts so that protocol parsing only occurs after CredSSP authentication - these controls reduce, but do not eliminate, exposure to an internal attacker and may break legacy or kiosk-style RDP clients that cannot perform NLA.

Share

EUVD-2026-35597 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy