Information Disclosure Vulnerability in Windows RDP by Microsoft
CVE-2026-56171

7.1HIGH

What is CVE-2026-56171?

The Windows Remote Desktop Protocol (RDP) is affected by a vulnerability that allows unauthorized actors to access sensitive personal information over a network. This exposure can lead to severe privacy risks for users, as it enables attackers to potentially disclose private data without proper authorization. Ensuring that systems are updated and patched against this vulnerability is crucial for maintaining data security and integrity.

Affected Version(s)

Remote Desktop Web Client 2.0.0.0 < 2.1.65.2

Windows Admin Center 1809.0 < 2.7.4

References

CVSS V3.1

Score:
7.1
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.