Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities found for Remote Desktop Web Client by Microsoft
CVE-2026-56171 (GCVE-0-2026-56171)
Vulnerability from nvd – Published: 2026-07-17 21:34 – Updated: 2026-07-17 21:34
VLAI
EPSS
VEX
Title
Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability
Summary
Exposure of private personal information to an unauthorized actor in Windows RDP allows an unauthorized attacker to disclose information over a network.
Severity
CWE
- CWE-359 - Exposure of Private Personal Information to an Unauthorized Actor
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisorypatch |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Remote Desktop Web Client |
Affected:
2.0.0.0 , < 2.1.65.2
(custom)
|
|
| Microsoft | Windows Admin Center |
Affected:
1809.0 , < 2.7.4
(custom)
|
Date Public
2026-07-16 14:00
{
"containers": {
"cna": {
"affected": [
{
"product": "Remote Desktop Web Client",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "2.1.65.2",
"status": "affected",
"version": "2.0.0.0",
"versionType": "custom"
}
]
},
{
"product": "Windows Admin Center",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "2.7.4",
"status": "affected",
"version": "1809.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:windows_admin_center:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.7.4",
"versionStartIncluding": "1809.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:remote_desktop_web_client:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.1.65.2",
"versionStartIncluding": "2.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2026-07-16T14:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Exposure of private personal information to an unauthorized actor in Windows RDP allows an unauthorized attacker to disclose information over a network."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-359",
"description": "CWE-359: Exposure of Private Personal Information to an Unauthorized Actor",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-17T21:34:17.768Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-56171"
}
],
"title": "Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2026-56171",
"datePublished": "2026-07-17T21:34:17.768Z",
"dateReserved": "2026-06-19T13:53:31.989Z",
"dateUpdated": "2026-07-17T21:34:17.768Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-56171 (GCVE-0-2026-56171)
Vulnerability from cvelistv5 – Published: 2026-07-17 21:34 – Updated: 2026-07-17 21:34
VLAI
EPSS
VEX
Title
Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability
Summary
Exposure of private personal information to an unauthorized actor in Windows RDP allows an unauthorized attacker to disclose information over a network.
Severity
CWE
- CWE-359 - Exposure of Private Personal Information to an Unauthorized Actor
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisorypatch |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Remote Desktop Web Client |
Affected:
2.0.0.0 , < 2.1.65.2
(custom)
|
|
| Microsoft | Windows Admin Center |
Affected:
1809.0 , < 2.7.4
(custom)
|
Date Public
2026-07-16 14:00
{
"containers": {
"cna": {
"affected": [
{
"product": "Remote Desktop Web Client",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "2.1.65.2",
"status": "affected",
"version": "2.0.0.0",
"versionType": "custom"
}
]
},
{
"product": "Windows Admin Center",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "2.7.4",
"status": "affected",
"version": "1809.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:windows_admin_center:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.7.4",
"versionStartIncluding": "1809.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:remote_desktop_web_client:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.1.65.2",
"versionStartIncluding": "2.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2026-07-16T14:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Exposure of private personal information to an unauthorized actor in Windows RDP allows an unauthorized attacker to disclose information over a network."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-359",
"description": "CWE-359: Exposure of Private Personal Information to an Unauthorized Actor",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-17T21:34:17.768Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-56171"
}
],
"title": "Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2026-56171",
"datePublished": "2026-07-17T21:34:17.768Z",
"dateReserved": "2026-06-19T13:53:31.989Z",
"dateUpdated": "2026-07-17T21:34:17.768Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}