CVE-2026-54982
Received Received - Intake

Integer Underflow in RMCAST Allows Remote Code Execution

Vulnerability report for CVE-2026-54982, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-14

Last updated on: 2026-07-14

Assigner: Microsoft Corporation

Description

Integer underflow (wrap or wraparound) in Reliable Multicast Transport Driver (RMCAST) allows an unauthorized attacker to execute code over an adjacent network.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-14
Last Modified
2026-07-14
Generated
2026-07-14
AI Q&A
2026-07-14
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
microsoft reliable_multicast_transport_driver *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-191 The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Impact Analysis

This vulnerability can have severe impacts if exploited:

  • Remote Code Execution: An attacker on the same network (adjacent network) could execute arbitrary code on a vulnerable system, potentially taking full control of it.
  • Data Theft or Manipulation: The attacker could steal sensitive data, modify or delete files, or install malware.
  • Network Propagation: If the compromised system is part of a larger network, the attacker could use it as a pivot point to move laterally and target other systems.
  • Denial of Service: The attacker could crash the system or disrupt services, leading to downtime.

The CVSS base score of 8.8 (Critical) indicates a high risk, particularly for systems using the Reliable Multicast Transport Driver in adjacent network environments.

Compliance Impact

This vulnerability could impact compliance with several standards and regulations, depending on the affected system's use case:

  • GDPR (General Data Protection Regulation): If the vulnerable system processes or stores personal data of EU citizens, a successful exploit could lead to unauthorized access or exfiltration of that data. This would constitute a data breach under GDPR, potentially resulting in fines, mandatory breach notifications, and reputational damage.
  • HIPAA (Health Insurance Portability and Accountability Act): For healthcare organizations, if the vulnerable system handles protected health information (PHI), exploitation could lead to unauthorized access or disclosure of PHI. This would violate HIPAA's Security Rule, potentially resulting in penalties and corrective action plans.
  • Other Standards: Depending on the industry, this vulnerability could also affect compliance with standards like PCI DSS (for payment systems), SOX (for financial reporting), or NIST frameworks (for federal systems). Non-compliance could lead to audits, fines, or loss of certifications.

Organizations should assess whether their systems are affected and apply patches or mitigations promptly to avoid compliance violations.

Detection Guidance

The provided context does not include specific detection methods or commands for identifying the integer underflow vulnerability in the Reliable Multicast Transport Driver (RMCAST). Detection may require checking for the presence of the vulnerable driver version or monitoring for unusual adjacent network traffic patterns, but no explicit tools or commands are mentioned.

To detect this vulnerability, you may need to consult Microsoft's official guidance or security tools that can scan for vulnerable driver versions. The Microsoft Update Guide (Resource 1) may provide further details on detection mechanisms.

Mitigation Strategies

The provided context does not specify immediate mitigation steps for CVE-2026-54982. However, general best practices for mitigating such vulnerabilities include:

  • Apply the latest security updates or patches provided by Microsoft for the Reliable Multicast Transport Driver (RMCAST).
  • Restrict adjacent network access to trusted devices to reduce the attack surface.
  • Monitor Microsoft's security advisories (e.g., Resource 1) for official mitigation guidance and updates.
  • Consider disabling the RMCAST driver if it is not required for critical operations until a patch is applied.
Executive Summary

CVE-2026-54982 is an integer underflow vulnerability in the Reliable Multicast Transport Driver (RMCAST). An integer underflow occurs when a mathematical operation results in a value smaller than the minimum value that can be stored, causing it to wrap around to a very large number. In this case, the flaw allows an unauthorized attacker to execute arbitrary code over an adjacent network.

The vulnerability is classified as a remote code execution (RCE) issue, meaning an attacker can run malicious code on a targeted system without requiring physical access or user interaction.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-54982. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart