Severity by source
AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS Vector (NVD)
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Description (NVD)
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
Analysis (AI)
Remote code execution in Microsoft Remote Desktop Client is possible when a victim connects to an attacker-controlled RDP server, where a heap-based buffer overflow (linked to use-after-free memory corruption per vendor tags) enables arbitrary code execution on the client machine. The CVSS 7.5 score reflects high attack complexity and required user interaction, and no public exploit had been identified at the time of analysis. …
Vulnerability Assessment (AI)
| Area | Assessment |
| --- | --- |
| Exploitation | Exploitation requires the victim to initiate an RDP session to an attacker-controlled or attacker-compromised RDP server (UI:R user interaction), and the attacker must overcome high attack complexity (AC:H) - likely involving heap layout manipulation to make the use-after-free / heap overflow reliably exploitable against Windows memory mitigations such as ASLR, DEP, and CFG. … |
| Risk Assessment | The CVSS 7.5 (High) vector AV:N/AC:H/PR:N/UI:R reveals important tempering factors: although exploitation is network-based and requires no privileges, attack complexity is HIGH (suggesting non-trivial heap grooming or bypass of mitigations like ASLR/CFG) and user interaction is REQUIRED (the victim must initiate or accept an RDP connection to a malicious server). … |
| Exploit Scenario | An attacker stands up a malicious RDP server (or compromises a legitimate one) and lures a victim into connecting - for example by sending a crafted .rdp file via phishing email, hosting a fake remote-support page, or hijacking a DNS/CDN entry for an internal jump host. When the victim's Remote Desktop Client connects, the attacker returns malformed protocol responses that trigger the heap-based buffer overflow / use-after-free, achieving arbitrary code execution in the user's context on the client machine. … |
| Remediation | Apply the Microsoft security update referenced in the MSRC advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-44801 for each affected Windows version and Remote Desktop Client package - patch status is best characterized as 'Patch available per vendor advisory' since the input does not include an exact fix build number, so consult the MSRC update guide to identify the precise KB numbers for your platform. … |
Recommended Action (AI)
Within 24 hours: Restrict RDP access to trusted internal servers only; disable RDP on non-critical systems; inventory all systems using Microsoft Remote Desktop Client. …
EUVD-2026-35755
GHSA-g3rg-85ff-6538