Description
Heap-based buffer overflow in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.
Published: 2026-05-12
Score: 7.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a heap-based buffer overflow in the Windows Remote Desktop service that permits an attacker with local authorization to gain elevated privileges. This type of overflow can corrupt memory and override security boundaries, enabling the attacker to execute code or perform actions normally restricted to higher privilege levels.

Affected Systems

Affected products are Microsoft Windows operating systems and servers, including Windows 10 versions 1607, 1809, 21H2, and 22H2; Windows 11 versions 22H3, 23H2, 24H2, 25H2, and 26H1; and Windows Server 2012, 2012 R2, 2016, 2019, 2022, 23H2, and 2025, across both client and server core installations.

Risk and Exploitability

The CVSS score of 7.8 indicates a high impact, but the lack of an available EPSS score suggests no publicly known exploitation trend. The vulnerability is not listed in CISA’s KEV catalog. Based on the description, the attacker must be able to run code locally on the affected system, implying the attack vector is local or requires prior compromise. The exploit could elevate a standard user to full administrator rights, allowing arbitrary code execution and potential lateral movement within the network.

Generated by OpenCVE AI on May 12, 2026 at 19:10 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Download and install the official Microsoft security update for CVE-2026-40398 via Windows Update or the Microsoft Update Catalog.
  • Apply the update to all affected Windows 10, Windows 11, and Windows Server systems listed above.
  • Reboot the systems to ensure the update is fully applied.

Generated by OpenCVE AI on May 12, 2026 at 19:10 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 12 May 2026 17:30:00 +0000

Type Values Removed Values Added
Description Heap-based buffer overflow in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.
Title Windows Remote Desktop Services Elevation of Privilege Vulnerability
First Time appeared Microsoft
Microsoft windows 10 1607
Microsoft windows 10 1809
Microsoft windows 10 21h2
Microsoft windows 10 22h2
Microsoft windows 11 23h2
Microsoft windows 11 24h2
Microsoft windows 11 25h2
Microsoft windows 11 26h1
Microsoft windows Server 2012
Microsoft windows Server 2012 R2
Microsoft windows Server 2016
Microsoft windows Server 2019
Microsoft windows Server 2022
Microsoft windows Server 2025
Microsoft windows Server 23h2
Weaknesses CWE-122
CPEs cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*
cpe:2.3:o:microsoft:windows_10_21H2:*:*:*:*:*:*:x86:*
cpe:2.3:o:microsoft:windows_10_22H2:*:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:arm64:*
cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_11_24H2:*:*:*:*:*:*:arm64:*
cpe:2.3:o:microsoft:windows_11_25H2:*:*:*:*:*:*:arm64:*
cpe:2.3:o:microsoft:windows_11_26H1:*:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_23h2:*:*:*:*:*:*:*:*
Vendors & Products Microsoft
Microsoft windows 10 1607
Microsoft windows 10 1809
Microsoft windows 10 21h2
Microsoft windows 10 22h2
Microsoft windows 11 23h2
Microsoft windows 11 24h2
Microsoft windows 11 25h2
Microsoft windows 11 26h1
Microsoft windows Server 2012
Microsoft windows Server 2012 R2
Microsoft windows Server 2016
Microsoft windows Server 2019
Microsoft windows Server 2022
Microsoft windows Server 2025
Microsoft windows Server 23h2
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C'}

Subscriptions

Microsoft Windows 10 1607 Windows 10 1809 Windows 10 21h2 Windows 10 22h2 Windows 11 23h2 Windows 11 24h2 Windows 11 25h2 Windows 11 26h1 Windows Server 2012 Windows Server 2012 R2 Windows Server 2016 Windows Server 2019 Windows Server 2022 Windows Server 2025 Windows Server 23h2
cve-icon MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-05-13T03:56:31.958Z

Reserved: 2026-04-13T00:27:50.797Z

Link: CVE-2026-40398

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-05-12T18:17:17.460

Modified: 2026-05-12T18:17:17.460

Link: CVE-2026-40398

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-12T19:15:22Z

Weaknesses