Use-after-free in Windows and Windows Server - CVE-2026-58626
Published: July 17, 2026
Windows
Windows Server
Detailed vulnerability description
The vulnerability allows a remote user to execute arbitrary code.
The vulnerability exists due to use-after-free in Windows Remote Desktop Services when handling Remote Desktop Protocol requests. A remote user can send specially crafted requests to execute arbitrary code.
Exploitation requires establishing a connection to the target system via Remote Desktop Protocol.