Information Disclosure Vulnerability in Microsoft Windows RDP
CVE-2026-45639

7.5HIGH

Key Information:

Vendor: Microsoft
Status: Remote Desktop Client For Windows Desktop; Windows 10 Version 1607; Windows 10 Version 1809; Windows 10 Version 21h2
Vendor: CVE Published:; 9 June 2026

What is CVE-2026-45639?

An out-of-bounds read vulnerability in Microsoft Windows Remote Desktop Protocol (RDP) could allow unauthorized attackers to access sensitive information over a network. This security flaw may enable attackers to exploit the vulnerability to disclose data that should remain secured, leading to potential risk for affected systems. It is crucial for organizations to apply available patches promptly to mitigate potential data breaches and ensure the integrity of their network communications.

Affected Version(s)

Remote Desktop client for Windows Desktop 1.2.0.0 < 1.2.7214.0

Windows 10 Version 1607 32-bit Systems 10.0.14393.0 < 10.0.14393.9234

Windows 10 Version 1809 32-bit Systems 10.0.17763.0 < 10.0.17763.8880

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisorypatch

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 9, 2026
Vulnerability Reserved
May 12, 2026

CVE-2026-45639 Data

JSON