CVE-2026-26151

Published Apr 14, 2026

Last updated 13 days ago

CVSS high 7.1

Rdp

Overview

Description: Insufficient ui warning of dangerous operations in Windows Remote Desktop allows an unauthorized attacker to perform spoofing over a network.
Source: secure@microsoft.com
NVD status: Modified
Products: windows_10_1607, windows_10_1809, windows_10_21h2, windows_10_22h2, windows_11_23h2, windows_11_24h2, windows_11_25h2, windows_11_26h1, windows_server_2012, windows_server_2016, windows_server_2019, windows_server_2022, windows_server_2022_23h2, windows_server_2025

Risk scores

CVSS 3.1

Type: Secondary
Base score: 7.1
Impact score: 4.2
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
Severity: HIGH

Weaknesses

secure@microsoft.com: CWE-357

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
            "matchCriteriaId": "158C16A3-547E-4130-8428-8E429C37E573",
            "versionEndExcluding": "10.0.14393.9060",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
            "matchCriteriaId": "58E1A340-D49A-4EBB-A750-876922ACD5CA",
            "versionEndExcluding": "10.0.14393.9060",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
            "matchCriteriaId": "64248504-2307-45FC-8FF3-7A227CFD8675",
            "versionEndExcluding": "10.0.17763.8644",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
            "matchCriteriaId": "9B1465B1-BDE6-4634-8F12-43F71D68A4D6",
            "versionEndExcluding": "10.0.17763.8644",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*",
            "matchCriteriaId": "88A175C4-E033-4FE7-B2BF-8BAE14321BC4",
            "versionEndExcluding": "10.0.19044.7184",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*",
            "matchCriteriaId": "86DBF14A-F486-4FE7-9126-D1D54952FC6C",
            "versionEndExcluding": "10.0.19044.7184",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*",
            "matchCriteriaId": "C375372B-D3D4-4B11-AAD8-69AC344C24BC",
            "versionEndExcluding": "10.0.19044.7184",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*",
            "matchCriteriaId": "8CE2E268-E776-4697-9E43-33ABA4CDBE05",
            "versionEndExcluding": "10.0.19045.7184",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*",
            "matchCriteriaId": "269B8E88-6473-41DD-BA33-D9184B82CA58",
            "versionEndExcluding": "10.0.19045.7184",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*",
            "matchCriteriaId": "FCBB431B-EF21-4454-BDA3-D8F276BE7A64",
            "versionEndExcluding": "10.0.19045.7184",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*",
            "matchCriteriaId": "B33CE091-B873-4C30-BA05-54A8C1839212",
            "versionEndExcluding": "10.0.22631.6936",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*",
            "matchCriteriaId": "E3AF28F3-D486-4B88-9E0E-371241024174",
            "versionEndExcluding": "10.0.22631.6936",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*",
            "matchCriteriaId": "94EB36C7-1FF2-4B44-AD91-F3540F09393E",
            "versionEndExcluding": "10.0.26100.8246",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*",
            "matchCriteriaId": "14B23C3F-C8AC-491A-BCA5-EB6982C8F9E9",
            "versionEndExcluding": "10.0.26100.8246",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:*",
            "matchCriteriaId": "361B5DAB-8D1F-45D7-A33C-F49EBA56B5F8",
            "versionEndExcluding": "10.0.26200.8246",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:*",
            "matchCriteriaId": "ADC6CE99-AB5D-4DD5-82A9-892366C4B2FD",
            "versionEndExcluding": "10.0.26200.8246",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:arm64:*",
            "matchCriteriaId": "690E74A8-E72C-47B6-96EB-37C48D69A635",
            "versionEndExcluding": "10.0.28000.1836",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:x64:*",
            "matchCriteriaId": "13A01FA1-08DC-4E33-9FFC-AB4BCD9634CA",
            "versionEndExcluding": "10.0.28000.1836",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
            "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "982DB0CA-5196-4E42-B2F7-994BE8179715",
            "versionEndExcluding": "10.0.14393.9060",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "647CF9B5-8898-469B-9C09-D372A7843187",
            "versionEndExcluding": "10.0.17763.8644",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "DC6837B7-5DFD-4AF7-B436-3C6FEF48BA60",
            "versionEndExcluding": "10.0.20348.5020",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "55A1F3AB-5299-4495-9A73-FDA23C6FD88D",
            "versionEndExcluding": "10.0.25398.2274",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "ADF41A14-B9DA-4788-82A8-74DCDCD090E1",
            "versionEndExcluding": "10.0.26100.32690",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

Related CVEs

References