CVE Catalog

CVE-2026-42913

HighCVSS 7.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.47%

38th percentile - higher than 38% of all known CVEs

Summary

A race condition in the Remote Desktop Client due to improper synchronization of shared resources allows an unauthorized attacker to execute code over the network.

Risk Assessment

An attacker could take control of a workstation or server running the vulnerable RDP client, leading to data theft, malware installation, or lateral movement within the network.

Recommendation

Apply the security update provided by the vendor for the Remote Desktop Client immediately. Until the patch is installed, consider restricting RDP connections to trusted networks and users only.

Original NVD description (English source)

Concurrent execution using shared resource with improper synchronization ('race condition') in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS