Windows Remote Desktop
by Microsoft
CVEs (26)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-26160 | Hig | 0.51 | 7.8 | 0.00 | Apr 14, 2026 | Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-26159 | Hig | 0.51 | 7.8 | 0.00 | Apr 14, 2026 | Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-26151 | Hig | 0.46 | 7.1 | 0.00 | Apr 14, 2026 | Insufficient ui warning of dangerous operations in Windows Remote Desktop allows an unauthorized attacker to perform spoofing over a network. | ||
| CVE-2022-26940 | 0.01 | — | 0.16 | May 10, 2022 | Remote Desktop Protocol Client Information Disclosure Vulnerability | |||
| CVE-2022-22017 | 0.01 | — | 0.15 | May 10, 2022 | Remote Desktop Client Remote Code Execution Vulnerability | |||
| CVE-2022-22015 | 0.01 | — | 0.16 | May 10, 2022 | Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability | |||
| CVE-2022-21990 | 0.01 | — | 0.14 | Mar 9, 2022 | Remote Desktop Client Remote Code Execution Vulnerability | |||
| CVE-2022-21851 | 0.01 | — | 0.10 | Jan 11, 2022 | Remote Desktop Client Remote Code Execution Vulnerability | |||
| CVE-2022-21850 | 0.01 | — | 0.10 | Jan 11, 2022 | Remote Desktop Client Remote Code Execution Vulnerability | |||
| CVE-2025-58718 | 0.00 | — | 0.00 | Oct 14, 2025 | Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network. | |||
| CVE-2025-48817 | 0.00 | — | 0.00 | Jul 8, 2025 | Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network. | |||
| CVE-2025-32715 | 0.00 | — | 0.02 | Jun 10, 2025 | Out-of-bounds read in Remote Desktop Client allows an unauthorized attacker to disclose information over a network. | |||
| CVE-2025-29967 | 0.00 | — | 0.03 | May 13, 2025 | Heap-based buffer overflow in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network. | |||
| CVE-2025-29966 | 0.00 | — | 0.03 | May 13, 2025 | Heap-based buffer overflow in Windows Remote Desktop allows an unauthorized attacker to execute code over a network. | |||
| CVE-2025-27487 | 0.00 | — | 0.00 | Apr 8, 2025 | Heap-based buffer overflow in Remote Desktop Client allows an authorized attacker to execute code over a network. | |||
| CVE-2025-26645 | 0.00 | — | 0.00 | Mar 11, 2025 | Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network. | |||
| CVE-2024-49105 | 0.00 | — | 0.02 | Dec 10, 2024 | Remote Desktop Client Remote Code Execution Vulnerability | |||
| CVE-2024-38262 | 0.00 | — | 0.00 | Oct 8, 2024 | Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | |||
| CVE-2024-43533 | 0.00 | — | 0.04 | Oct 8, 2024 | Remote Desktop Client Remote Code Execution Vulnerability | |||
| CVE-2024-38131 | 0.00 | — | 0.01 | Aug 13, 2024 | Clipboard Virtual Channel Extension Remote Code Execution Vulnerability |
- risk 0.51cvss 7.8epss 0.00
Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.1epss 0.00
Insufficient ui warning of dangerous operations in Windows Remote Desktop allows an unauthorized attacker to perform spoofing over a network.
- CVE-2022-26940May 10, 2022risk 0.01cvss —epss 0.16
Remote Desktop Protocol Client Information Disclosure Vulnerability
- CVE-2022-22017May 10, 2022risk 0.01cvss —epss 0.15
Remote Desktop Client Remote Code Execution Vulnerability
- CVE-2022-22015May 10, 2022risk 0.01cvss —epss 0.16
Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability
- CVE-2022-21990Mar 9, 2022risk 0.01cvss —epss 0.14
Remote Desktop Client Remote Code Execution Vulnerability
- CVE-2022-21851Jan 11, 2022risk 0.01cvss —epss 0.10
Remote Desktop Client Remote Code Execution Vulnerability
- CVE-2022-21850Jan 11, 2022risk 0.01cvss —epss 0.10
Remote Desktop Client Remote Code Execution Vulnerability
- CVE-2025-58718Oct 14, 2025risk 0.00cvss —epss 0.00
Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
- CVE-2025-48817Jul 8, 2025risk 0.00cvss —epss 0.00
Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
- CVE-2025-32715Jun 10, 2025risk 0.00cvss —epss 0.02
Out-of-bounds read in Remote Desktop Client allows an unauthorized attacker to disclose information over a network.
- CVE-2025-29967May 13, 2025risk 0.00cvss —epss 0.03
Heap-based buffer overflow in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network.
- CVE-2025-29966May 13, 2025risk 0.00cvss —epss 0.03
Heap-based buffer overflow in Windows Remote Desktop allows an unauthorized attacker to execute code over a network.
- CVE-2025-27487Apr 8, 2025risk 0.00cvss —epss 0.00
Heap-based buffer overflow in Remote Desktop Client allows an authorized attacker to execute code over a network.
- CVE-2025-26645Mar 11, 2025risk 0.00cvss —epss 0.00
Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
- CVE-2024-49105Dec 10, 2024risk 0.00cvss —epss 0.02
Remote Desktop Client Remote Code Execution Vulnerability
- CVE-2024-38262Oct 8, 2024risk 0.00cvss —epss 0.00
Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability
- CVE-2024-43533Oct 8, 2024risk 0.00cvss —epss 0.04
Remote Desktop Client Remote Code Execution Vulnerability
- CVE-2024-38131Aug 13, 2024risk 0.00cvss —epss 0.01
Clipboard Virtual Channel Extension Remote Code Execution Vulnerability
Page 1 of 2