CVE-2026-42909
HighCVSS 7.5Exploitation Probability (EPSS)
Low risk32th percentile - higher than 32% of all known CVEs
Summary
A race condition vulnerability exists in the Remote Desktop Client due to improper synchronization of shared resources. This allows an unauthorized attacker to execute code remotely over a network.
Risk Assessment
An attacker can remotely take control of the victim's system, install malware, steal data, or disrupt services. The risk is high due to unauthenticated remote code execution capability.
Recommendation
Apply the security update provided by the vendor for the Remote Desktop Client immediately. Restrict RDP access to trusted networks and users only.
Original NVD description (English source)
Concurrent execution using shared resource with improper synchronization ('race condition') in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

