CVE-2026-26111

EUVD-2026-10677
Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
microsoftCNA
8.8 HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Windows Releases
Platform
Version
Windows Server 2012
Server Core
KB5078775
Standard
KB5078775
Windows Server 2012 R2
Server Core
KB5078774
Standard
KB5078774
Windows Server 2016
Server Core
KB5078938
Standard
KB5078938
Windows Server 2019
Server Core
KB5078752
Standard
KB5078752
Windows Server 2022
23H2 Server Core
KB5078734
Server Core
KB5078737
Standard
KB5078737
Windows Server 2025
Server Core
KB5078736
Standard
KB5078736
Common Weakness Enumeration
Vulnerability Media Exposure
References
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26111