CVE Catalog

CVE-2026-42909

HighCVSS 7.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.40%

32th percentile - higher than 32% of all known CVEs

Summary

A race condition vulnerability exists in the Remote Desktop Client due to improper synchronization of shared resources. This allows an unauthorized attacker to execute code remotely over a network.

Risk Assessment

An attacker can remotely take control of the victim's system, install malware, steal data, or disrupt services. The risk is high due to unauthenticated remote code execution capability.

Recommendation

Apply the security update provided by the vendor for the Remote Desktop Client immediately. Restrict RDP access to trusted networks and users only.

Original NVD description (English source)

Concurrent execution using shared resource with improper synchronization ('race condition') in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS