CVE-2026-44801 – Remote Desktop Client Remote Code Execution Vulnerability

CVE-2026-44801 is a Remote Desktop Client Remote Code Execution vulnerability caused by a use-after-free (CWE-416) memory management flaw. The vulnerability affects the Remote Desktop Client and may allow an unauthorized attacker to execute code over a network. Exploitation requires a victim to connect to an attacker-controlled Remote Desktop server, which can trigger the vulnerability and potentially allow arbitrary code execution on the client system.

CVSS Score: 7.5
SEVERITY: Critical
THREAT:
This vulnerability presents a significant risk to systems that regularly use Remote Desktop connections. An attacker operating a malicious Remote Desktop server could exploit the flaw when a user initiates a connection, potentially gaining the ability to execute code on the victim’s machine. Such attacks could lead to malware deployment, credential theft, or unauthorized access to sensitive business resources.

EXPLOITS:
Exploit Code Maturity is listed as Unproven. No public exploits, proof-of-concept (PoC) code, or active exploitation activity are identified in the available information.

TECHNICAL SUMMARY:
The vulnerability is associated with CWE-416: Use After Free, a memory corruption weakness that occurs when software continues to access memory after it has been released. An attacker-controlled Remote Desktop server can provide specially crafted data that triggers the flaw within the vulnerable Remote Desktop Client. Successful exploitation may result in arbitrary code execution and could impact system confidentiality, integrity, and availability.

EXPLOITABILITY:
Affected Product: Remote Desktop Client
The attack vector is Network, with High attack complexity, No privileges required, and User interaction required. Exploitation requires an attacker to control a Remote Desktop server and persuade a victim to establish a connection using a vulnerable client.

BUSINESS IMPACT:
Remote Desktop technologies are widely used for remote administration, support, and hybrid work environments. A successful attack could compromise user workstations, expose sensitive corporate information, facilitate malware deployment, and provide an entry point into the broader network. Systems used by administrators may face particularly severe consequences if compromised.

WORKAROUND:
None listed.

URGENCY:
This vulnerability is rated Critical and enables remote code execution through a commonly used remote access technology. Although exploitation requires user interaction and a malicious Remote Desktop server, the potential impact of successful code execution warrants prompt deployment of the available security update.