EIP-2026-104603

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-104603. PoCs published by Filippo Cavallarin.

AI-analyzed exploit summary The exploit leverages a vulnerability in Microsoft Remote Desktop for Mac (version 8.0.32 and prior) where a malicious RDP URL can be used to read/write files in the user's home directory. The PoC includes a Python script that creates a symbolic link to the victim's home directory and demonstrates arbitrary file operations, as well as a method for achieving remote code execution via SSH URI handler manipulation.

Description

Microsoft Remote Desktop Client for Mac 8.0.36 - Code Execution

Exploits (1)

exploitdb WORKING POC

by Filippo Cavallarin · localosx

https://www.exploit-db.com/exploits/41149

View Code ZIP pw:eip

The exploit leverages a vulnerability in Microsoft Remote Desktop for Mac (version 8.0.32 and prior) where a malicious RDP URL can be used to read/write files in the user's home directory. The PoC includes a Python script that creates a symbolic link to the victim's home directory and demonstrates arbitrary file operations, as well as a method for achieving remote code execution via SSH URI handler manipulation.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Microsoft Remote Desktop for Mac (version 8.0.32 and prior)

No auth needed

Prerequisites: Victim must click on a malicious RDP URL · Attacker must control a server to host the malicious RDP endpoint · Victim must have Microsoft Remote Desktop for Mac installed

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter T1036 - Masquerading

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Microsoft Remote Desktop Client for Mac 8.0.36 - Code Execution

Exploitation Summary

Description

Exploits (1)

Details