Vulnerability · NVD
CVE-2026-47654
HIGH 7.5
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
Attack vector : Network
No privileges required
Show raw CVSS vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
0.08%
exploit very unlikely
percentile 23.5%
OS versions that fix this CVE
This CVE is resolved by the following OS security releases. Update the OS to at least the listed version.
- Windows Server 2025 Fixed in 10.0.26100.32995
- Windows Server 2022 Fixed in 10.0.20348.5256
- Windows Server 2019 Fixed in 10.0.17763.8880
- Windows Server 2016 Fixed in 10.0.14393.9234