Windows Remote Procedure Call leaks sensitive information on Windows

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

5.5

Windows Remote Procedure Call leaks sensitive information on Windows

CVE-2026-32085

Summary

A security issue in Windows Remote Procedure Call allows an authorized user's sensitive information to be accessed by others on the same system. This means that an attacker who already has local access to a Windows computer can potentially see sensitive data. To protect your system, ensure you're running the latest Windows updates and consider implementing additional security measures to limit local account privileges.

Original title

Exposure of sensitive information to an unauthorized actor in Windows Remote Procedure Call allows an authorized attacker to disclose information locally.

Original description

Exposure of sensitive information to an unauthorized actor in Windows Remote Procedure Call allows an authorized attacker to disclose information locally.

nvd CVSS3.1 5.5

Vulnerability type

CWE-200 Information Exposure

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32085

Published: 14 Apr 2026 · Updated: 15 Apr 2026 · First seen: 14 Apr 2026