Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Remote Desktop Web Client by Microsoft

    CVE-2026-56171 (GCVE-0-2026-56171)

    Vulnerability from nvd – Published: 2026-07-17 21:34 – Updated: 2026-07-17 21:34
    VLAI
    Title
    Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability
    Summary
    Exposure of private personal information to an unauthorized actor in Windows RDP allows an unauthorized attacker to disclose information over a network.
    CWE
    • CWE-359 - Exposure of Private Personal Information to an Unauthorized Actor
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Remote Desktop Web Client Affected: 2.0.0.0 , < 2.1.65.2 (custom)
    Create a notification for this product.
    Microsoft Windows Admin Center Affected: 1809.0 , < 2.7.4 (custom)
    Create a notification for this product.
    Date Public
    2026-07-16 14:00
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "product": "Remote Desktop Web Client",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "2.1.65.2",
                  "status": "affected",
                  "version": "2.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Windows Admin Center",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "2.7.4",
                  "status": "affected",
                  "version": "1809.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:windows_admin_center:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "2.7.4",
                      "versionStartIncluding": "1809.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:remote_desktop_web_client:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "2.1.65.2",
                      "versionStartIncluding": "2.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-07-16T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Exposure of private personal information to an unauthorized actor in Windows RDP allows an unauthorized attacker to disclose information over a network."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-359",
                  "description": "CWE-359: Exposure of Private Personal Information to an Unauthorized Actor",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-17T21:34:17.768Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-56171"
            }
          ],
          "title": "Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-56171",
        "datePublished": "2026-07-17T21:34:17.768Z",
        "dateReserved": "2026-06-19T13:53:31.989Z",
        "dateUpdated": "2026-07-17T21:34:17.768Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-56171 (GCVE-0-2026-56171)

    Vulnerability from cvelistv5 – Published: 2026-07-17 21:34 – Updated: 2026-07-17 21:34
    VLAI
    Title
    Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability
    Summary
    Exposure of private personal information to an unauthorized actor in Windows RDP allows an unauthorized attacker to disclose information over a network.
    CWE
    • CWE-359 - Exposure of Private Personal Information to an Unauthorized Actor
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Remote Desktop Web Client Affected: 2.0.0.0 , < 2.1.65.2 (custom)
    Create a notification for this product.
    Microsoft Windows Admin Center Affected: 1809.0 , < 2.7.4 (custom)
    Create a notification for this product.
    Date Public
    2026-07-16 14:00
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "product": "Remote Desktop Web Client",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "2.1.65.2",
                  "status": "affected",
                  "version": "2.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Windows Admin Center",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "2.7.4",
                  "status": "affected",
                  "version": "1809.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:windows_admin_center:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "2.7.4",
                      "versionStartIncluding": "1809.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:remote_desktop_web_client:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "2.1.65.2",
                      "versionStartIncluding": "2.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-07-16T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Exposure of private personal information to an unauthorized actor in Windows RDP allows an unauthorized attacker to disclose information over a network."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-359",
                  "description": "CWE-359: Exposure of Private Personal Information to an Unauthorized Actor",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-17T21:34:17.768Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-56171"
            }
          ],
          "title": "Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-56171",
        "datePublished": "2026-07-17T21:34:17.768Z",
        "dateReserved": "2026-06-19T13:53:31.989Z",
        "dateUpdated": "2026-07-17T21:34:17.768Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }