Vulnerability · NVD
CVE-2026-40398
HIGH 7.8
Windows Remote Desktop Services Elevation of Privilege Vulnerability
EPSS
0.02%
exploit very unlikely
percentile 6.5%
OS versions that fix this CVE
This CVE is resolved by the following OS security releases. Update the OS to at least the listed version.
- Windows Fixed in Windows Server 2025 (Server Core installation) 10.0.26100.32860 Windows Server 2025 10.0.26100.32860 Windows Server 2022 (Server Core installation) 10.0.20348.5139 Windows Server 2022 10.0.25398.2330 Windows Server 2019 (Server Core installation) 10.0.17763.8755 Windows Server 2019 10.0.17763.8755 Windows Server 2016 (Server Core installation) 10.0.14393.9140 Windows Server 2016 10.0.14393.9140 Windows 11 26H1 · 2026-H1 10.0.28000.2113 Windows 11 25H2 · 2025-H2 10.0.26200.8457 Windows 11 24H2 · 2024-H2 10.0.26100.8457 Windows 11 23H2 · 2023-H2 10.0.22631.7079 Windows 10 22H2 · 2022-H2 10.0.19045.7291 Windows 10 21H2 · 2021-H2 10.0.19044.7291 Windows 10 1809 · 2018-09 10.0.17763.8755 Windows 10 1607 · 2016-07 10.0.14393.9140