CVE Catalog

CVE-2026-49774

CriticalCVSS 9.9
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.41%

32th percentile — higher than 32% of all known CVEs

Summary

CVE-2026-49774 describes an improper control of code generation vulnerability that allows remote code inclusion in the RD Station application. This issue affects RD Station versions from n/a through 5.6.0.

Risk Assessment

Remote code inclusion can lead to system takeover, posing a serious threat to the organization's data security.

Recommendation

It is recommended to update RD Station to the latest version to mitigate the risks associated with this vulnerability.

Original NVD description (English source)

Improper Control of Generation of Code ('Code Injection') vulnerability in Filipe Nasc RD Station allows Remote Code Inclusion. This issue affects RD Station: from n/a through 5.6.0.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS