CVE-2026-42913
HighCVSS 7.5Exploitation Probability (EPSS)
Low risk38th percentile - higher than 38% of all known CVEs
Summary
A race condition in the Remote Desktop Client due to improper synchronization of shared resources allows an unauthorized attacker to execute code over the network.
Risk Assessment
An attacker could take control of a workstation or server running the vulnerable RDP client, leading to data theft, malware installation, or lateral movement within the network.
Recommendation
Apply the security update provided by the vendor for the Remote Desktop Client immediately. Until the patch is installed, consider restricting RDP connections to trusted networks and users only.
Original NVD description (English source)
Concurrent execution using shared resource with improper synchronization ('race condition') in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

