Multiple CVEs Affect Windows RRAS with Remote Code Execution Vulnerabilities

Multiple CVEs Affect Windows RRAS with Remote Code Execution Vulnerabilities

First seen 10 Mar 2026, 17:28 UTC Api.Msrc.MicrosoftWindowsforumNeowinWindowsreportBleepingcomputer+7 87% similarity 72.0

Article Content

Browse articles
ThreatCluster

Three critical vulnerabilities have been identified in the Windows Routing and Remote Access Service (RRAS), allowing both unauthorized and authorized attackers to execute code over a network. CVE-2026-25172 and CVE-2026-26111 enable unauthorized access, while CVE-2026-25173 permits authorized attackers to exploit the same weakness. All three vulnerabilities were published on March 10, 2026.

ThreatCluster AI

Timeline

2026-03-10
CVE-2026-25172 published
2026-03-10
CVE-2026-25173 published
2026-03-10
CVE-2026-26111 published

Community

Browse all →