CVE-2026-32157

CWE-416Use After Free4 documents4 sources
Severity
8.8HIGH
EPSS
No EPSS data
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
22
Microsoft Remote Desktop Client FOR Windows DesktopMicrosoft Windows 10 Version 1607Microsoft Windows 10 Version 1809+19 more
Timeline
PublishedApr 14

Description

Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages22 packages

CVEListV5microsoft/remote_desktop_client_for_windows_desktop1.2.0.02.0.1070.0
CVEListV5microsoft/windows_server_20126.2.9200.06.2.9200.26026
CVEListV5microsoft/windows_server_201610.0.14393.010.0.14393.9060
CVEListV5microsoft/windows_server_201910.0.17763.010.0.17763.8644

🔴Vulnerability Details

2
VulDB
Microsoft Windows up to Server 2025 Remote Desktop Client use after free2026-04-14
CVEList
Remote Desktop Client Remote Code Execution Vulnerability2026-04-14

🕵️Threat Intelligence

1
Talos
Microsoft Patch Tuesday for April 2026 - Snort Rule and Prominent Vulnerabilities2026-04-14
CVE-2026-32157 (HIGH CVSS 8.8) | Use after free in Remote Desktop Cl | cvebase.io