Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Tag: freerdp Clear
ID Title
CVE-2026-45700 Out-of-Bounds Write in c (CVE-2026-45700)
out-of-bounds write in c (CVE-2026-45700). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.26.0` or later.
CVE-2026-44420 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP client can trigger a heap-buffer-overflow write in FreeRDP's server-side clipboard (cliprdr) channel b...
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP client can trigger a heap-buffer-overflow write in FreeRDP's server-side clipboard (cliprdr) channel by sending a CB_CLIP_CAPS PDU with a too-small capabilitySetLength. This can crash the server process...
CVE-2026-44421 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP server can trigger a heap-buffer-overflow write in the FreeRDP client by sending crafted RDPGFX PDUs....
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP server can trigger a heap-buffer-overflow write in the FreeRDP client by sending crafted RDPGFX PDUs. The bug is in gdi_CacheToSurface: it validates a destination rectangle that is clamped to UINT16_MAX...
CVE-2026-44422 Vulnerability in freerdp (CVE-2026-44422)
vulnerability in freerdp (CVE-2026-44422). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.26.0` or later.
CVE-2026-40033 Vulnerability in freerdp (CVE-2026-40033)
vulnerability in freerdp (CVE-2026-40033). Successful exploitation can lead to full system takeover.
CVE-2026-33986 Vulnerability in c (CVE-2026-33986)
vulnerability in c (CVE-2026-33986). Successful exploitation can lead to full system takeover.
CVE-2026-33984 Vulnerability in c (CVE-2026-33984)
vulnerability in c (CVE-2026-33984). Successful exploitation can lead to full system takeover.
CVE-2026-33983 Vulnerability in dos (CVE-2026-33983)
vulnerability in dos (CVE-2026-33983). Risk of unauthorized operations or information disclosure.
CVE-2026-31806 Vulnerability in freerdp (CVE-2026-31806)
vulnerability in freerdp (CVE-2026-31806). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.24.0` or later.
CVE-2026-26965 Out-of-Bounds Write in freerdp (CVE-2026-26965)
out-of-bounds write in freerdp (CVE-2026-26965). Successful exploitation can lead to full system takeover. Exploitable via ``pDstData``.
CVE-2026-26955 Out-of-Bounds Write in c (CVE-2026-26955)
out-of-bounds write in c (CVE-2026-26955). Successful exploitation can lead to full system takeover. Exploitable via ``xfreerdp``.
CVE-2026-24678 Use-After-Free in freerdp (CVE-2026-24678)
vulnerability in freerdp (CVE-2026-24678). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.22.0` or later.
CVE-2026-23883 Use-After-Free in dos (CVE-2026-23883)
vulnerability in dos (CVE-2026-23883). Successful exploitation can lead to full system takeover. Exploitable via ``xf_Pointer_New``.
CVE-2026-23884 Use-After-Free in dos (CVE-2026-23884)
vulnerability in dos (CVE-2026-23884). Successful exploitation can lead to full system takeover.
CVE-2026-23533 Vulnerability in dos (CVE-2026-23533)
vulnerability in dos (CVE-2026-23533). Successful exploitation can lead to full system takeover.
CVE-2026-23534 Vulnerability in dos (CVE-2026-23534)
vulnerability in dos (CVE-2026-23534). Successful exploitation can lead to full system takeover.
CVE-2026-23532 Vulnerability in dos (CVE-2026-23532)
vulnerability in dos (CVE-2026-23532). Successful exploitation can lead to full system takeover. Exploitable via ``gdi_SurfaceToSurface``.
CVE-2026-23530 Vulnerability in dos (CVE-2026-23530)
vulnerability in dos (CVE-2026-23530). Successful exploitation can lead to full system takeover. Exploitable via ``freerdp_bitmap_decompress_planar``.
CVE-2026-23531 Vulnerability in dos (CVE-2026-23531)
vulnerability in dos (CVE-2026-23531). Successful exploitation can lead to full system takeover. Exploitable via ``glyphData``.
CVE-2026-22858 Out-of-Bounds Read in c (CVE-2026-22858)
vulnerability in c (CVE-2026-22858). Confidential information can be exposed externally. Mitigation: upgrade to `3.20.1` or later.
CVE-2026-22859 Out-of-Bounds Read in freerdp (CVE-2026-22859)
vulnerability in freerdp (CVE-2026-22859). Confidential information can be exposed externally. Mitigation: upgrade to `3.20.1` or later.
CVE-2026-22855 Out-of-Bounds Read in freerdp (CVE-2026-22855)
vulnerability in freerdp (CVE-2026-22855). Confidential information can be exposed externally. Mitigation: upgrade to `3.20.1` or later.
CVE-2026-22853 Out-of-Bounds Write in freerdp (CVE-2026-22853)
out-of-bounds write in freerdp (CVE-2026-22853). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.20.1` or later.
CVE-2025-4478 Vulnerability in dos (CVE-2025-4478)
vulnerability in dos (CVE-2025-4478). Risk of unauthorized operations or information disclosure.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →