CVE-2026-58626: Windows Remote Desktop Services Remote Code Execution Vulnerability

Overview

Severity
High (CVSS 8.8)
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Category
Remote Code Execution
Exploit Status
Not Exploited
Exploitation Likelihood
Unlikely
Patch Tuesday
2026-Jul
Released
2026-07-14

Description

Use after free in Windows Remote Desktop Services allows an authorized attacker to execute code over a network.

FAQ

How could an attacker exploit this vulnerability? An authenticated attacker could exploit this vulnerability by connecting to a target system via Remote Desktop Protocol (RDP) and sending specially crafted requests that trigger a use-after-free condition in the Remote Desktop service, allowing the attacker to execute arbitrary code on the target system. According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability? An attacker must first have access to a Windows system as an authenticated user and then use that system to establish a connection to the target server and send the malicious data that triggers the vulnerability.

Affected Products (15)

Windows

  • Windows Server 2022
  • Windows 10 Version 21H2 for 32-bit Systems
  • Windows 10 Version 21H2 for ARM64-based Systems
  • Windows 10 Version 21H2 for x64-based Systems
  • Windows Server 2025 (Server Core installation)
  • Windows 11 Version 25H2 for ARM64-based Systems
  • Windows 11 Version 25H2 for x64-based Systems
  • Windows 11 Version 24H2 for ARM64-based Systems
  • Windows 11 Version 24H2 for x64-based Systems
  • Windows Server 2025
  • Windows 11 version 26H1 for x64-based Systems
  • Windows 11 Version 26H1 for ARM64-based Systems

ESU

  • Windows 10 Version 22H2 for x64-based Systems
  • Windows 10 Version 22H2 for ARM64-based Systems
  • Windows 10 Version 22H2 for 32-bit Systems

Security Updates (5)

Acknowledgments

<a href="https://www.linkedin.com/in/danielr1123/">Daniel R</a>

Revision History

  • 2026-07-14: Information published.