CVE-2026-42985
Remote Desktop Client Remote Code Execution Vulnerability
Description
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
In plain language
Act now: This is a Remote Desktop Client weakness where a remote attacker may be able to run malicious code on your device without needing authentication, so you should update if you use Remote Desktop. This is a high-risk issue (RED).
CVE-2026-42985 is a remote code execution vulnerability (heap-based buffer overflow) in the Remote Desktop Client. An unauthorized network attacker can trigger it without authentication, although user interaction is required, and it has high impact on Windows devices running affected versions.
What to do now
- Check whether the device is running Remote Desktop Client / the Windows versions listed as affected (Windows 10, Windows 11, and Windows Server editions).
- Verify the installed Remote Desktop Client / Windows build version and compare it to the fixed versions for your specific product line.
- Install the vendor update that contains the fix for CVE-2026-42985 (use the Microsoft Update Guide for your exact platform).
- If you can’t update immediately, reduce exposure by limiting access to Remote Desktop features and the network paths that could reach the Remote Desktop Client from outside your organization.
CVSS Vector Breakdown
- AV:N (Attack Vector)
- AC:L (Attack Complexity)
- PR:N (Privileges Required)
- UI:R (User Interaction)
- S:U (Scope)
- C:H (Confidentiality)
- I:H (Integrity)
- A:H (Availability)
Weaknesses
Affected Products
Exploitability
MITRE ATT&CK
2 techniques
References