Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
2DescriptionCVE.org
Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network.
AnalysisAI
Information disclosure in Microsoft Windows Remote Desktop Protocol (RDP) allows unauthenticated remote attackers to read out-of-bounds memory contents over the network, potentially leaking sensitive data from the RDP service process. The vulnerability requires no authentication or user interaction and is rated CVSS 7.5 with high confidentiality impact only. At time of analysis there is no public exploit identified and the issue is not listed in CISA KEV.
Technical ContextAI
The flaw is an out-of-bounds read (CWE-125) in the Windows implementation of the Remote Desktop Protocol, the proprietary Microsoft protocol (typically TCP/3389) used for remote graphical session access. CWE-125 conditions arise when input-derived offsets or length fields are used to index into a buffer without sufficient bounds validation, causing the parser to read adjacent process memory. In an RDP context this typically manifests during early protocol handshake or PDU/virtual channel parsing in the RDP service handling untrusted client-supplied messages, with leaked memory returned to the attacker via protocol responses or error paths.
RemediationAI
Patch available per vendor advisory: apply the Microsoft security update referenced at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42908 for every affected Windows client and Windows Server build in the environment as identified on that page. Where immediate patching is not feasible, restrict TCP/3389 (and UDP/3389) at perimeter and host firewalls so RDP is not reachable from the internet, place RDP behind a Remote Desktop Gateway or VPN that performs pre-authentication, and require Network Level Authentication (NLA) on RD Session Hosts so that protocol parsing only occurs after CredSSP authentication - these controls reduce, but do not eliminate, exposure to an internal attacker and may break legacy or kiosk-style RDP clients that cannot perform NLA.
Same weakness CWE-125 – Out-of-bounds Read
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-35597
GHSA-hv2r-hmcx-57g9