Windows Remote Desktop Fails to Warn of Spoofed Connections

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

7.1

Windows Remote Desktop Fails to Warn of Spoofed Connections

CVE-2026-26151

Summary

An attacker can trick users into connecting to a fake server, potentially intercepting sensitive information. This affects Windows Remote Desktop users who connect to remote servers, and it's essential to update to the latest version to prevent spoofing attacks. Patching is recommended to ensure secure connections.

Original title

Insufficient ui warning of dangerous operations in Windows Remote Desktop allows an unauthorized attacker to perform spoofing over a network.

Original description

Insufficient ui warning of dangerous operations in Windows Remote Desktop allows an unauthorized attacker to perform spoofing over a network.

nvd CVSS3.1 7.1

Vulnerability type

CWE-357

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26151

Published: 14 Apr 2026 · Updated: 14 Apr 2026 · First seen: 14 Apr 2026