CVE-2026-54982 – Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability
“A vulnerability on the local network can quickly become a gateway to full system compromise if left unpatched.”
An integer underflow vulnerability in the Windows Reliable Multicast Transport Driver (RMCAST) allows an unauthorized attacker to execute code over an adjacent network. The flaw can be exploited from the same network segment without requiring user interaction or privileges. Successful exploitation could allow an attacker to execute arbitrary code, potentially leading to complete compromise of the affected system.
CVSS Score: 8.8
SEVERITY: Critical
THREAT:
This vulnerability affects the Windows Reliable Multicast Transport Driver (RMCAST). An attacker connected to the same local or virtual network segment can exploit the flaw to execute arbitrary code on a vulnerable system without authentication or user interaction.
EXPLOITS:
The vulnerability was not publicly disclosed at the time of publication. Microsoft assesses exploitation as less likely. The CVSS v3.1 temporal metrics list exploit code maturity as Unproven, and there is no confirmation of publicly available proof-of-concept exploit code.
TECHNICAL SUMMARY:
The vulnerability is caused by an integer underflow (CWE-191) in the Windows Reliable Multicast Transport Driver (RMCAST). Improper handling of numeric values can result in memory corruption, allowing an attacker on the same network segment to execute arbitrary code. The CVSS v3.1 metrics identify an adjacent network attack vector, low attack complexity, no privileges required, and no user interaction required. Successful exploitation has high impact on confidentiality, integrity, and availability.
EXPLOITABILITY:
Affected products include supported editions of Windows 10 versions 1607, 1809, 21H2, and 22H2, Windows 11 versions 24H2, 25H2, and 26H1, and Windows Server 2012, 2012 R2, 2016, 2019, 2022, and 2025, including affected Server Core installations. Exploitation requires the attacker to be on the same network segment as the target but does not require authentication or user interaction.
BUSINESS IMPACT:
Successful exploitation could allow attackers on trusted or internal networks to compromise vulnerable Windows systems, steal sensitive information, deploy malware, disrupt business operations, and establish a foothold for further attacks across the environment.
WORKAROUND:
No mitigations or workarounds are available.
URGENCY:
This vulnerability should be prioritized because it is rated Critical with a CVSS v3.1 Base Score of 8.8. Although exploitation is limited to adjacent networks, the lack of required privileges or user interaction significantly increases the risk to enterprise environments.
Key Details
- Attack Vector
- Adjacent
- Attack Complexity
- Low
- Privileges Required
- None
- User Interaction
- None
- CWE Classification
- CWE-191