CVE-2026-33114
A client-side parsing vulnerability in the Microsoft Remote Desktop Client allows remote code execution when a user connects to a rogue or attacker-controlled RDP server. The flaw is triggered during the initial connection negotiation phase, enabling an attacker hosting a malicious RDP server to execute arbitrary code on the connecting client system. This attack scenario is particularly dangerous in environments where users connect to external or untrusted RDP endpoints, or where an attacker can redirect RDP connections via DNS poisoning or man-in-the-middle techniques. This vulnerability was patched as part of the Microsoft April 2026 Patch Tuesday release.
CVSS v3 vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Weaknesses (CWE)
CWE-20