Windows Remote Desktop Licensing Service Privilege Escalation Risk

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

7.8

Windows Remote Desktop Licensing Service Privilege Escalation Risk

CVE-2026-26160

Summary

The Windows Remote Desktop Licensing Service does not require authentication for a critical function, which could allow an authorized user to gain more access on a local network. This could lead to unauthorized changes to system settings or data. Patch your Windows systems to fix this issue.

Original title

Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an authorized attacker to elevate privileges locally.

Original description

Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an authorized attacker to elevate privileges locally.

nvd CVSS3.1 7.8

Vulnerability type

CWE-306 Missing Authentication for Critical Function

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26160

Published: 14 Apr 2026 · Updated: 14 Apr 2026 · First seen: 14 Apr 2026