SYS::ONLINE
Wasteland.
Briefs1204
Issues19
SinceFeb 2026
LIVE
⚡ Active KEV CVE-2026-56190 2026-07-14

CVE-2026-56190: Critical Unauthenticated RDP Remote Code Execution in Windows

"A use-of-uninitialized-resource flaw in Windows Remote Desktop Protocol lets an unauthenticated attacker execute code over the network, carrying a critical CVSS 9.8 rating."

A use-of-uninitialized-resource flaw in Windows Remote Desktop Protocol lets an unauthenticated attacker execute code over the network, carrying a critical CVSS 9.8 rating.

What Is It

CVE-2026-56190 is a use-of-uninitialized-resource vulnerability (CWE-908) in Windows RDP. Per Microsoft's advisory, the flaw "allows an unauthorized attacker to execute code over a network." It carries a CVSS 3.1 base score of 9.8 (CRITICAL) with vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, meaning it is network-exploitable, requires low attack complexity, needs no privileges, and requires no user interaction. Successful exploitation yields high impact to confidentiality, integrity, and availability. The CVE was published on 2026-07-14 and is currently in "Awaiting Analysis" status at NVD.

Why It Matters

The combination of network attack vector, no authentication, no user interaction, and full remote code execution makes this among the most severe class of Windows vulnerabilities. RDP is widely exposed and frequently reachable across internal and, in poorly segmented environments, external networks. Any unpatched, RDP-reachable host is at risk of complete compromise. No active exploitation is confirmed in the supplied source material, and there is no CISA KEV entry provided for this CVE.

What's Vulnerable

Microsoft lists a broad range of affected Windows client and server builds, including:

Each product is affected below a specific fixed build number. Because Windows 11 24H2 and Windows Server 2025 share the same base build (10.0.26100) and the same monthly servicing, both reach their fix at the same build number; for example, below 10.0.26100.8875.

Patch Status

Microsoft has assigned fixed build numbers for every affected product, indicating updates are available. Administrators should apply the relevant Microsoft update for each Windows version to reach or exceed the listed fixed build. Consult the Microsoft Security Response Center advisory for the exact patch corresponding to your version. Until patched, restricting RDP exposure reduces attack surface.

Sources