CVE-2026-45639

Published Jun 9, 2026

Last updated a day ago

Overview

AI description

Automated description summarized from trusted sources.

CVE-2026-45639 is an information disclosure vulnerability affecting the Windows Remote Desktop Protocol (RDP). The flaw stems from an out-of-bounds read condition within the RDP stack. An unauthenticated attacker can exploit it remotely over the network, without user interaction, to read portions of process memory. Successful exploitation could leak sensitive data such as credentials, session tokens, or protocol state data, depending on the contents of the targeted memory region. The vulnerability impacts a wide range of Windows client and server releases where RDP is available, including various versions of Windows 10, Windows 11, and Windows Server. Microsoft addressed CVE-2026-45639 as part of its security updates released on June 9, 2026.

Description: Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network.
Source: secure@microsoft.com
NVD status: Awaiting Analysis

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity: HIGH

Weaknesses

Source: secure@microsoft.com
CWE: CWE-125

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score: 12
