Share
## https://sploitus.com/exploit?id=SAINT:795F281B7D7687813FC61BBC205F6B36
Added: 03/23/2026  


### Background

The Windows Routing and Remote Access Service supports remote user or site-to-site connectivity by using VPN or dial-up connections. 

### Problem

An integer overflow vulnerability in the Windows Routing and Remote Access Service allow command execution when a domain-joined user sends a request to a malicious server via the Routing and Remote Access snap-in. 

### Resolution

Apply the patch referenced in Microsoft advisory CVE-2026-26111. 

### References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26111   


### Limitations

The target machine must be on the same network as the exploit server. A domain-joined user must send a request to the exploit server via the Routing and Remote Access snap-in. 

### Platforms

Windows