Use of uninitialized resource in Windows and Windows Server - CVE-2026-56190
Published: July 17, 2026
Windows
Windows Server
Detailed vulnerability description
The vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to use of uninitialized resource in Windows RDP when handling specially crafted Remote Desktop Protocol traffic. A remote attacker can send specially crafted RDP traffic to execute arbitrary code.
Exploitation requires that Network Level Authentication (NLA) be disabled on the target system.