Heap-based Buffer Overflow Vulnerability in Microsoft Remote Desktop Client
CVE-2026-42993

7.5HIGH

Key Information:

Vendor: Microsoft
Status: Windows 10 Version 21h2; Windows 10 Version 22h2; Windows 11 Version 23h2; Windows 11 Version 23h2
Vendor: CVE Published:; 9 June 2026

What is CVE-2026-42993?

A heap-based buffer overflow exists in Microsoft Remote Desktop Client, enabling an unauthorized attacker to execute arbitrary code over a network. This vulnerability arises due to improper handling of memory within the application, allowing attackers to craft malicious requests that could lead to code execution on the targeted system. Users are advised to apply the necessary patches to safeguard their systems and mitigate the risk associated with this vulnerability.

Affected Version(s)

Windows 10 Version 21H2 32-bit Systems 10.0.19044.0 < 10.0.19044.7417

Windows 10 Version 22H2 32-bit Systems 10.0.19045.0 < 10.0.19045.7417

Windows 11 version 23H2 ARM64-based Systems 10.0.22631.0 < 10.0.22631.7219

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisorypatch

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 9, 2026
Vulnerability Reserved
Apr 30, 2026

CVE-2026-42993 Data

JSON