## https://sploitus.com/exploit?id=SAINT:CD7EEEAA71B81A437BE85B0DDAA2D30F
Added: 03/23/2026
### Background
The Windows Routing and Remote Access Service supports remote user or site-to-site connectivity by using VPN or dial-up connections.
### Problem
An integer overflow vulnerability in the Windows Routing and Remote Access Service allow command execution when a domain-joined user sends a request to a malicious server via the Routing and Remote Access snap-in.
### Resolution
Apply the patch referenced in Microsoft advisory CVE-2026-26111.
### References
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26111
### Limitations
The target machine must be on the same network as the exploit server. A domain-joined user must send a request to the exploit server via the Routing and Remote Access snap-in.
### Platforms
Windows