Microsoft Remote Desktop
Recent Microsoft Remote Desktop Security Advisories
| Advisory | Title | Published |
|---|---|---|
| CVE-2026-42993 | CVE-2026-42993 Remote Desktop Client Remote Code Execution Vulnerability | June 9, 2026 |
| CVE-2026-42908 | CVE-2026-42908 Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability | June 9, 2026 |
| CVE-2026-42992 | CVE-2026-42992 Remote Desktop Client Remote Code Execution Vulnerability | June 9, 2026 |
| CVE-2026-47654 | CVE-2026-47654 Remote Desktop Client Remote Code Execution Vulnerability | June 9, 2026 |
| CVE-2026-48563 | CVE-2026-48563 Remote Desktop Client Remote Code Execution Vulnerability | June 9, 2026 |
| CVE-2026-44799 | CVE-2026-44799 Remote Desktop Client Remote Code Execution Vulnerability | June 9, 2026 |
| CVE-2026-42913 | CVE-2026-42913 Remote Desktop Client Remote Code Execution Vulnerability | June 9, 2026 |
| CVE-2026-42909 | CVE-2026-42909 Remote Desktop Client Remote Code Execution Vulnerability | June 9, 2026 |
| CVE-2026-47289 | CVE-2026-47289 Remote Desktop Client Remote Code Execution Vulnerability | June 9, 2026 |
| CVE-2026-45639 | CVE-2026-45639 Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability | June 9, 2026 |
By the Year
In 2026 there have been 7 vulnerabilities in Microsoft Remote Desktop, with an average score of 7.9 out of ten. Last year, in 2025, Remote Desktop had 7 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, the number of security vulnerabilities in Remote Desktop in 2026 could surpass last year's number. Last year, the average CVE base score was greater by 0.49.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 7 | 7.87 |
| 2025 | 7 | 8.36 |
| 2024 | 3 | 8.67 |
| 2023 | 5 | 6.78 |
| 2022 | 5 | 7.00 |
| 2021 | 3 | 8.33 |
| 2020 | 1 | 7.80 |
| 2019 | 3 | 9.20 |
It may take a day or so for new Remote Desktop vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Microsoft Remote Desktop Security Vulnerabilities
Jun 2026: Remote Desktop Client Remote Code Execution Vulnerability
CVE-2026-42985
8.8 - High
- June 09, 2026
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
Dangling pointer
Jun 2026: Remote Desktop Client Remote Code Execution Vulnerability
CVE-2026-44801
7.5 - High
- June 09, 2026
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
Dangling pointer
Jun 2026: Remote Desktop Client Remote Code Execution Vulnerability
CVE-2026-44799
7.5 - High
- June 09, 2026
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
Heap-based Buffer Overflow
Jun 2026: Remote Desktop Client Remote Code Execution Vulnerability
CVE-2026-42913
7.5 - High
- June 09, 2026
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
Race Condition
Jun 2026: Remote Desktop Client Remote Code Execution Vulnerability
CVE-2026-42909
7.5 - High
- June 09, 2026
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
Race Condition
Jun 2026: Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability
CVE-2026-45639
7.5 - High
- June 09, 2026
Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network.
Out-of-bounds Read
Apr 2026: Remote Desktop Client Remote Code Execution Vulnerability
CVE-2026-32157
8.8 - High
- April 14, 2026
Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
Dangling pointer
Oct 2025: Remote Desktop Client Remote Code Execution Vulnerability
CVE-2025-58718
8.8 - High
- October 14, 2025
Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
Dangling pointer
Jul 2025: Remote Desktop Client Remote Code Execution Vulnerability
CVE-2025-48817
8.8 - High
- July 08, 2025
Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
Relative Path Traversal
Jun 2025: Remote Desktop Protocol Client Information Disclosure Vulnerability
CVE-2025-32715
6.5 - Medium
- June 10, 2025
Out-of-bounds read in Remote Desktop Client allows an unauthorized attacker to disclose information over a network.
Out-of-bounds Read
May 2025: Remote Desktop Client Remote Code Execution Vulnerability
CVE-2025-29967
8.8 - High
- May 13, 2025
Heap-based buffer overflow in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network.
Heap-based Buffer Overflow
May 2025: Remote Desktop Client Remote Code Execution Vulnerability
CVE-2025-29966
8.8 - High
- May 13, 2025
Heap-based buffer overflow in Windows Remote Desktop allows an unauthorized attacker to execute code over a network.
Heap-based Buffer Overflow
Apr 2025: Remote Desktop Client Remote Code Execution Vulnerability
CVE-2025-27487
8 - High
- April 08, 2025
Heap-based buffer overflow in Remote Desktop Client allows an authorized attacker to execute code over a network.
Heap-based Buffer Overflow
Mar 2025: Remote Desktop Client Remote Code Execution Vulnerability
CVE-2025-26645
8.8 - High
- March 11, 2025
Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
Relative Path Traversal
Dec 2024: Remote Desktop Client Remote Code Execution Vulnerability
CVE-2024-49105
8.4 - High
- December 12, 2024
Remote Desktop Client Remote Code Execution Vulnerability
Authorization
Oct 2024: Remote Desktop Client Remote Code Execution Vulnerability
CVE-2024-43533
8.8 - High
- October 08, 2024
Remote Desktop Client Remote Code Execution Vulnerability
Dangling pointer
CB-VC RCE in Microsoft RDP
CVE-2024-38131
8.8 - High
- August 13, 2024
Clipboard Virtual Channel Extension Remote Code Execution Vulnerability
Sensitive Data Storage in Improperly Locked Memory
Microsoft RDP Security Feature Bypass (CVE-2023-32043)
CVE-2023-32043
6.8 - Medium
- July 11, 2023
Windows Remote Desktop Security Feature Bypass Vulnerability
Microsoft Windows RDP Security Feature Bypass
CVE-2023-29352
6.5 - Medium
- June 14, 2023
Windows Remote Desktop Security Feature Bypass Vulnerability
Microsoft Remote Desktop Client RCE via Deserialization
CVE-2023-29362
8.8 - High
- June 14, 2023
Remote Desktop Client Remote Code Execution Vulnerability
Microsoft Remote Desktop App Windows Info Disclosure CVE-2023-28290
CVE-2023-28290
5.3 - Medium
- May 09, 2023
Microsoft Remote Desktop app for Windows Information Disclosure Vulnerability
Microsoft RDP Client Info Disclosure CVE-2023-28267
CVE-2023-28267
6.5 - Medium
- April 11, 2023
Remote Desktop Protocol Client Information Disclosure Vulnerability
WinGfx EoP Vulnerability
CVE-2022-41121
7.8 - High
- December 13, 2022
Windows Graphics Component Elevation of Privilege Vulnerability
Remote Desktop Protocol Client Information Disclosure Vulnerability
CVE-2022-26940
6.5 - Medium
- May 10, 2022
Remote Desktop Protocol Client Information Disclosure Vulnerability
Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability
CVE-2022-22015
6.5 - Medium
- May 10, 2022
Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability
Remote Desktop Client Remote Code Execution Vulnerability
CVE-2022-22017
8.8 - High
- May 10, 2022
Remote Desktop Client Remote Code Execution Vulnerability
Remote Desktop Protocol Client Information Disclosure Vulnerability
CVE-2022-24503
5.4 - Medium
- March 09, 2022
Remote Desktop Protocol Client Information Disclosure Vulnerability
Remote Desktop Protocol Client Information Disclosure Vulnerability
CVE-2021-38665
7.4 - High
- November 10, 2021
Remote Desktop Protocol Client Information Disclosure Vulnerability
Remote Desktop Client Remote Code Execution Vulnerability
CVE-2021-34535
8.8 - High
- August 12, 2021
Remote Desktop Client Remote Code Execution Vulnerability
Jan 2021: Windows Remote Desktop Security Feature Bypass Vulnerability
CVE-2021-1669
8.8 - High
- January 12, 2021
Windows Remote Desktop Security Feature Bypass Vulnerability
An elevation of privilege vulnerability exists in Remote Desktop App for Mac in the way it
CVE-2020-0919
7.8 - High
- April 15, 2020
An elevation of privilege vulnerability exists in Remote Desktop App for Mac in the way it allows an attacker to load unsigned binaries, aka 'Microsoft Remote Desktop App for Mac Elevation of Privilege Vulnerability'.
Improper Privilege Management
Aug 2019: Remote Desktop Services Remote Code Execution Vulnerability
CVE-2019-1182
9.8 - Critical
- August 14, 2019
A remote code execution vulnerability exists in Remote Desktop Services, formerly known as Terminal Services, when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would need to send a specially crafted request to the target system's Remote Desktop Service via RDP. The update addresses the vulnerability by correcting how Remote Desktop Services handles connection requests.
Aug 2019: Remote Desktop Services Remote Code Execution Vulnerability
CVE-2019-1181
9.8 - Critical
- August 14, 2019
A remote code execution vulnerability exists in Remote Desktop Services, formerly known as Terminal Services, when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would need to send a specially crafted request to the target system's Remote Desktop Service via RDP. The update addresses the vulnerability by correcting how Remote Desktop Services handles connection requests.
A remote code execution vulnerability exists in Remote Desktop Services - formerly known as Terminal Services - when an authenticated attacker abuses clipboard redirection
CVE-2019-0887
8 - High
- July 15, 2019
A remote code execution vulnerability exists in Remote Desktop Services - formerly known as Terminal Services - when an authenticated attacker abuses clipboard redirection, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.
Directory traversal