# CVE-2026-33114

> A client-side parsing vulnerability in the Microsoft Remote Desktop Client allows remote code execution when a user connects to a rogue or attacker-controlled RDP server. The flaw is triggered during the initial connection negotiation phase, enabling an attacker hosting a malicious RDP server to execute arbitrary code on the connecting client system. This attack scenario is particularly dangerous in environments where users connect to external or untrusted RDP endpoints, or where an attacker can redirect RDP connections via DNS poisoning or man-in-the-middle techniques. This vulnerability was 

- **CVSS:** 8.8 (HIGH)
- **EPSS:** 0.1%
- **CWE:** CWE-20

Canonical: https://intel.threadlinqs.com/cve/CVE-2026-33114
Full threat coverage + IOCs via the Threadlinqs MCP server (Purple tier): https://intel.threadlinqs.com/mcp