Remote Desktop Client Remote Code Execution Vulnerability

Description

Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

Affected Products

Vendor	Product	Versions
microsoft	remote desktop	1.2.0.0, 10.0.14393.0, 10.0.17763.0, 10.0.19044.0, 10.0.19045.0, 10.0.22631.0, 10.0.22631.0, 10.0.26100.0, 10.0.26200.0, 10.0.28000.0, 1.00, 6.2.9200.0, 6.2.9200.0, 6.3.9600.0, 6.3.9600.0, 10.0.14393.0, 10.0.14393.0, 10.0.17763.0, 10.0.17763.0, 10.0.20348.0, 10.0.25398.0, 10.0.26100.0, 10.0.26100.0

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor	Product	Source	Confidence
microsoft	windows 11 version 22h3	mitre_affected	90%
microsoft	windows server 2012 r2 (server core installation)	mitre_affected	90%
microsoft	windows 10 version 21h2	mitre_affected	90%
microsoft	windows server 2012 (server core installation)	mitre_affected	90%
microsoft	windows	mitre_affected	90%

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32157(vendor-advisory, patch)

Related News (6 articles)

Tier B

BSI Advisories17h ago

[NEU] [hoch] Microsoft Windows: Mehrere Schwachstellen

→ No new info (linked only)

Tier C

Cisco Talos1d ago

Microsoft Patch Tuesday for April 2026 - Snort Rule and Prominent Vulnerabilities

→ No new info (linked only)

Tier C

Qualys Blog1d ago

Microsoft and Adobe Patch Tuesday, April 2026 Security Update Review

→ No new info (linked only)

Tier C

VulDB1d ago

CVE-2026-32157 | Microsoft Windows up to Server 2025 Remote Desktop Client use after free

→ No new info (linked only)

Tier A

Microsoft MSRC1d ago

CVE-2026-32157 Remote Desktop Client Remote Code Execution Vulnerability

→ No new info (linked only)

Tier C

CrowdStrike Blog1d ago

April 2026 Patch Tuesday: Two Zero-Days and Eight Critical Vulnerabilities Among 164 CVEs

→ No new info (linked only)

CVSS 3.18.8 HIGH

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CISA KEV❌ No

Actively exploited✅ Yes

Patch available

2.0.1070.010.0.14393.906010.0.17763.864410.0.19044.718410.0.19045.718410.0.22631.693610.0.26100.3269010.0.26200.824610.0.28000.18366.2.9200.260266.3.9600.2313210.0.20348.502010.0.25398.2274

CWECWE-416

PublishedApr 14, 2026

Last enriched1d agov3