Description
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
Published: 2026-06-09
Score: 7.5 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A heap-based buffer overflow in the Remote Desktop Client permits an unauthorized attacker to execute arbitrary code over a network. The flaw involves a use-after-free scenario that can be triggered remotely, enabling the attacker to run code with the privileges of the user logged into Remote Desktop.

Affected Systems

Microsoft Windows 10 1809, 21H2, 22H2; Windows 11 23H2, 24H2, 25H2, 26H1; Windows Server 2019, Server 2022, Server 2025 and their Server Core installations are all affected.

Risk and Exploitability

The vulnerability carries a CVSS 3.1 score of 7.5, rated High. The vector (AV:N/AC:H/PR:N/UI:R) describes a flaw reachable over the network, with high attack complexity, that requires user interaction. EPSS data is not available, and the absence of a KEV listing does not diminish the likelihood that attackers could target Remote Desktop connections, which are common on many networks. If exploited, attackers could gain unauthorized code execution on the system.

Generated by OpenCVE AI on June 9, 2026 at 20:24 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Apply the Microsoft Security Update for CVE-2026-48563 from the official update guide.
  • Disable Remote Desktop if it is not required for business operations, or restrict RDP access to trusted IP addresses only.
  • Configure the operating system firewall to block inbound Remote Desktop traffic from untrusted networks and enable Network Level Authentication to add an extra layer of verification.

Advisories

No advisories yet.

History

Tue, 09 Jun 2026 17:15:00 +0000

Type Values Removed Values Added
Description: Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
Title: Remote Desktop Client Remote Code Execution Vulnerability
First Time appeared:
  Microsoft
  Microsoft windows 10 1809
  Microsoft windows 10 21h2
  Microsoft windows 10 22h2
  Microsoft windows 11 23h2
  Microsoft windows 11 24h2
  Microsoft windows 11 25h2
  Microsoft windows 11 26h1
  Microsoft windows Server 2019
  Microsoft windows Server 2022
  Microsoft windows Server 2025
Weaknesses: CWE-416
CPEs:
  cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*
  cpe:2.3:o:microsoft:windows_10_21H2:*:*:*:*:*:*:x86:*
  cpe:2.3:o:microsoft:windows_10_22H2:*:*:*:*:*:*:x64:*
  cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:arm64:*
  cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:x64:*
  cpe:2.3:o:microsoft:windows_11_24H2:*:*:*:*:*:*:arm64:*
  cpe:2.3:o:microsoft:windows_11_25H2:*:*:*:*:*:*:arm64:*
  cpe:2.3:o:microsoft:windows_11_26H1:*:*:*:*:*:*:x64:*
  cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*
  cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*
  cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*
Vendors & Products:
  Microsoft
  Microsoft windows 10 1809
  Microsoft windows 10 21h2
  Microsoft windows 10 22h2
  Microsoft windows 11 23h2
  Microsoft windows 11 24h2
  Microsoft windows 11 25h2
  Microsoft windows 11 26h1
  Microsoft windows Server 2019
  Microsoft windows Server 2022
  Microsoft windows Server 2025
References:
Metrics (cvssV3_1):
  Score: 7.5
  Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C


MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-06-09T17:48:49.679Z

Reserved: 2026-05-21T20:00:35.245Z

Link: CVE-2026-48563

Vulnrichment

No data.

NVD

Status: Awaiting Analysis

Published: 2026-06-09T17:17:44.893

Modified: 2026-06-09T19:32:51.440

Link: CVE-2026-48563

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-09T20:30:13Z

Weaknesses