Vulnerability · NVD
CVE-2026-47654
HIGH 7.5
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
Attack vector : Network
No privileges required
Show raw CVSS vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
0.07%
exploit very unlikely
percentile 22.7%
OS versions that fix this CVE
This CVE is resolved by the following OS security releases. Update the OS to at least the listed version.
- Windows Fixed in Windows Server 2025 (Server Core installation) 10.0.26100.32995 Windows Server 2025 10.0.26100.32995 Windows Server 2022 (Server Core installation) 10.0.20348.5256 Windows Server 2022 10.0.20348.5256 Windows Server 2019 (Server Core installation) 10.0.17763.8880 Windows Server 2019 10.0.17763.8880 Windows Server 2016 (Server Core installation) 10.0.14393.9234 Windows Server 2016 10.0.14393.9234