CVE-2026-42913: Remote Desktop Client Remote Code Execution Vulnerability
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
Metrics
- CVSS v3.1: 7.5
- Severity: HIGH
- Fixed in: 1.2.7214.0
- Affected Products: 9
HarborGuard Analysis
Synopsis
A heap-based buffer overflow exists in the Microsoft Remote Desktop Client for Windows. The vulnerability is reachable over the network without any authentication, but requires a victim to interact with a malicious server or content, and exploitation is complicated by memory-layout factors that lower reliability. Successful exploitation gives an attacker full remote code execution on the victim's machine. Patched-image rebuilds at the fix versions (including 1.2.7214.0, 10.0.20348.5256, 10.0.22631.7219, 10.0.26100.8655, and 10.0.26100.32995) are available on HarborGuard for affected environments.
HarborGuard Coverage
Detection for CVE-2026-42913 is available across every HarborGuard environment, with the CVE matched against customer images within minutes of ingestion from upstream advisory feeds, including custom-built images that bundle affected versions of the Remote Desktop Client. Coverage extends to both pipeline-time scans and registry-resident images.
HarborGuard is capable of scoring this CVE at CVSS 7.5 (HIGH) and weighting that score against each customer environment's compliance policy to surface it at the appropriate severity tier. Triage routing is available to direct findings to the correct team inbox within each customer organization.
Patched-image rebuilds at the applicable fix versions are available on HarborGuard the moment upstream fix metadata is confirmed. For customers who opt into auto-remediation, HarborGuard can perform a rebuild, run a regression test suite against the updated image, and open a pull request against affected workloads automatically.
Exploit Conditions
- Network reachability: Required
The attacker must reach the victim's Remote Desktop Client over the network, meaning the victim's host must have outbound connectivity to an attacker-controlled server or must be directed to malicious RDP content.
- Authentication: Not required
No account credentials or prior authentication are needed; the vulnerability is exploitable by an unauthorized attacker.
- Victim interaction: Required
The victim must take an action such as connecting to a malicious RDP server or opening a crafted file, making social engineering a prerequisite for exploitation.
- Attack complexity: High
Exploitation is rated high complexity, meaning the attacker must contend with memory-layout variability or other environmental conditions that reduce reliability and require more precise staging.
Blast Radius
- A successful attacker achieves arbitrary code execution in the context of the victim user, able to run any process or command on the victim's machine.
- Confidentiality is fully compromised: the attacker can read files, credentials, session tokens, and any data accessible to the victim account.
- Integrity is fully compromised: the attacker can write, modify, or delete files and system state on the victim host.
- Availability is fully compromised: the attacker can crash, disable, or otherwise render the victim's system or its services unusable.
How HarborGuard Handles This
Available on HarborGuard: detection for this CVE is active across ingestion pipelines and matched against customer images within minutes of publication. Where compliance policy permits, HarborGuard can rebuild affected images at the applicable fix versions (1.2.7214.0 for the standalone Windows Desktop client; 10.0.20348.5256 for Windows Server 2022; 10.0.22631.7219 for Windows 11 23H2; 10.0.26100.8655 or 10.0.26100.32995 for Windows 11 24H2 and Server 2025). For customers who opt into auto-remediation, the median time from CVE publication to a merged patch PR for high-severity issues is around 90 minutes, covering the rebuild, a regression run, and a pull request opened against affected workloads. Given the victim-interaction requirement, customers running environments where users connect to external RDP endpoints should treat this as a priority patch regardless of auto-remediation settings and consider network-policy controls that restrict outbound RDP (TCP 3389) to approved hosts as a compensating measure until patched images are deployed.
Fix available
- Microsoft / Remote Desktop client for Windows Desktop: < 1.2.7214.0 (from 1.2.0.0)
- Microsoft / Windows 11 version 23H2: < 10.0.22631.7219 (from 10.0.22631.0)
- Microsoft / Windows 11 Version 23H2: < 10.0.22631.7219 (from 10.0.22631.0)
- Microsoft / Windows 11 Version 24H2: < 10.0.26100.8655 (from 10.0.26100.0)
- Microsoft / Windows 11 Version 25H2: < 10.0.26200.8655 (from 10.0.26200.0)
- Microsoft / Windows 11 version 26H1: < 10.0.28000.2269 (from 10.0.28000.0)
- Microsoft / Windows Server 2022: < 10.0.20348.5256 (from 10.0.20348.0)
- Microsoft / Windows Server 2025: < 10.0.26100.32995 (from 10.0.26100.0)
- Microsoft / Windows Server 2025 (Server Core installation): < 10.0.26100.32995 (from 10.0.26100.0)
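To check an asset inventory against the ranges above, here is an added example (not HarborGuard's or Microsoft's code) that compares dotted Windows build numbers numerically. Note that Windows 11 24H2 and Server 2025 share build 10.0.26100 but have different fix numbers, so the product name must be matched too, and a plain string compare would wrongly rank 10.0.26100.32995 below 10.0.26100.8655. The inventory rows are constructed sample data.

```python
from typing import List, Optional, Tuple

# Affected ranges transcribed from the "Fix available" list on this page:
# (product, introduced, fixed). Versions in [introduced, fixed) are vulnerable.
AFFECTED = [
    ("Remote Desktop client for Windows Desktop", "1.2.0.0", "1.2.7214.0"),
    ("Windows 11 Version 23H2", "10.0.22631.0", "10.0.22631.7219"),
    ("Windows 11 Version 24H2", "10.0.26100.0", "10.0.26100.8655"),
    ("Windows 11 Version 25H2", "10.0.26200.0", "10.0.26200.8655"),
    ("Windows 11 version 26H1", "10.0.28000.0", "10.0.28000.2269"),
    ("Windows Server 2022", "10.0.20348.0", "10.0.20348.5256"),
    ("Windows Server 2025", "10.0.26100.0", "10.0.26100.32995"),
]


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '10.0.26100.32995' into (10, 0, 26100, 32995) so that tuple
    comparison is numeric per component, not lexicographic on the string."""
    parts = v.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {v!r}")
    return tuple(int(p) for p in parts)


def is_affected(product: str, version: str) -> Optional[bool]:
    """True if the version is inside the affected range for this product,
    False if it is at or above the fix, None if the product is not listed.
    Product names are matched case-insensitively (the page mixes 'version'
    and 'Version'); the same build number can be fixed for one product and
    still vulnerable for another, so the product is part of the key."""
    ver = parse_version(version)
    for name, introduced, fixed in AFFECTED:
        if name.casefold() == product.casefold():
            return parse_version(introduced) <= ver < parse_version(fixed)
    return None


def triage(inventory: List[Tuple[str, str, str]]) -> List[Tuple[str, str, str, str]]:
    """Label each (host, product, version) row for a findings report."""
    report = []
    for host, product, version in inventory:
        hit = is_affected(product, version)
        status = "VULNERABLE" if hit else ("patched" if hit is False else "not-listed")
        report.append((host, product, version, status))
    return report


# Constructed sample inventory (hypothetical hosts, not real data).
SAMPLE_INVENTORY = [
    ("ws-01", "Remote Desktop client for Windows Desktop", "1.2.7100.0"),
    ("srv-02", "Windows Server 2025", "10.0.26100.8655"),
    ("ws-03", "Windows 11 Version 24H2", "10.0.26100.8655"),
]

if __name__ == "__main__":
    for row in triage(SAMPLE_INVENTORY):
        print(*row)
```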
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C