Action not permitted
Modal body text goes here.
Modal Title
Modal Body
WID-SEC-W-2026-0244
Vulnerability from csaf_certbund - Published: 2026-01-27 23:00 - Updated: 2026-02-04 23:00Summary
FreeRDP: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
FreeRDP ist eine freie Implementierung des Remote Desktop Protocol (RDP).
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in FreeRDP ausnutzen, um einen Denial of Service zu verursachen oder potentiell beliebigen Programmcode auszuführen.
Betroffene Betriebssysteme
- Linux
- Sonstiges
- UNIX
- Windows
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "FreeRDP ist eine freie Implementierung des Remote Desktop Protocol (RDP).",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in FreeRDP ausnutzen, um einen Denial of Service zu verursachen oder potentiell beliebigen Programmcode auszuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-0244 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0244.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-0244 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0244"
},
{
"category": "external",
"summary": "FreeRDP Release Notes vom 2026-01-27",
"url": "https://www.freerdp.com/2026/01/28/3_22_0-release"
},
{
"category": "external",
"summary": "FreeRDP GitHub vom 2026-01-27",
"url": "https://github.com/FreeRDP/FreeRDP/security/advisories/"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2026:10132-1 vom 2026-02-04",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3PECP75D65BGMOXX4VA6VFZW5A365UOB/"
}
],
"source_lang": "en-US",
"title": "FreeRDP: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-02-04T23:00:00.000+00:00",
"generator": {
"date": "2026-02-05T09:40:19.143+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2026-0244",
"initial_release_date": "2026-01-27T23:00:00.000+00:00",
"revision_history": [
{
"date": "2026-01-27T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2026-02-04T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von openSUSE aufgenommen"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c3.22.0",
"product": {
"name": "Open Source FreeRDP \u003c3.22.0",
"product_id": "T050374"
}
},
{
"category": "product_version",
"name": "3.22.0",
"product": {
"name": "Open Source FreeRDP 3.22.0",
"product_id": "T050374-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:freerdp:freerdp:3.22.0"
}
}
}
],
"category": "product_name",
"name": "FreeRDP"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE openSUSE",
"product": {
"name": "SUSE openSUSE",
"product_id": "T027843",
"product_identification_helper": {
"cpe": "cpe:/o:suse:opensuse:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-23948",
"product_status": {
"known_affected": [
"T027843",
"T050374"
]
},
"release_date": "2026-01-27T23:00:00.000+00:00",
"title": "CVE-2026-23948"
},
{
"cve": "CVE-2026-24491",
"product_status": {
"known_affected": [
"T027843",
"T050374"
]
},
"release_date": "2026-01-27T23:00:00.000+00:00",
"title": "CVE-2026-24491"
},
{
"cve": "CVE-2026-24675",
"product_status": {
"known_affected": [
"T027843",
"T050374"
]
},
"release_date": "2026-01-27T23:00:00.000+00:00",
"title": "CVE-2026-24675"
},
{
"cve": "CVE-2026-24676",
"product_status": {
"known_affected": [
"T027843",
"T050374"
]
},
"release_date": "2026-01-27T23:00:00.000+00:00",
"title": "CVE-2026-24676"
},
{
"cve": "CVE-2026-24677",
"product_status": {
"known_affected": [
"T027843",
"T050374"
]
},
"release_date": "2026-01-27T23:00:00.000+00:00",
"title": "CVE-2026-24677"
},
{
"cve": "CVE-2026-24678",
"product_status": {
"known_affected": [
"T027843",
"T050374"
]
},
"release_date": "2026-01-27T23:00:00.000+00:00",
"title": "CVE-2026-24678"
},
{
"cve": "CVE-2026-24679",
"product_status": {
"known_affected": [
"T027843",
"T050374"
]
},
"release_date": "2026-01-27T23:00:00.000+00:00",
"title": "CVE-2026-24679"
},
{
"cve": "CVE-2026-24680",
"product_status": {
"known_affected": [
"T027843",
"T050374"
]
},
"release_date": "2026-01-27T23:00:00.000+00:00",
"title": "CVE-2026-24680"
},
{
"cve": "CVE-2026-24681",
"product_status": {
"known_affected": [
"T027843",
"T050374"
]
},
"release_date": "2026-01-27T23:00:00.000+00:00",
"title": "CVE-2026-24681"
},
{
"cve": "CVE-2026-24682",
"product_status": {
"known_affected": [
"T027843",
"T050374"
]
},
"release_date": "2026-01-27T23:00:00.000+00:00",
"title": "CVE-2026-24682"
},
{
"cve": "CVE-2026-24683",
"product_status": {
"known_affected": [
"T027843",
"T050374"
]
},
"release_date": "2026-01-27T23:00:00.000+00:00",
"title": "CVE-2026-24683"
},
{
"cve": "CVE-2026-24684",
"product_status": {
"known_affected": [
"T027843",
"T050374"
]
},
"release_date": "2026-01-27T23:00:00.000+00:00",
"title": "CVE-2026-24684"
}
]
}
CVE-2026-24676 (GCVE-0-2026-24676)
Vulnerability from cvelistv5 – Published: 2026-02-09 18:15 – Updated: 2026-02-10 16:02
VLAI?
EPSS
Title
FreeRDP has a heap-use-after-free in audio_format_compatible
Summary
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, AUDIN format renegotiation frees the active format list while the capture thread continues using audin->format, leading to a use after free in audio_format_compatible. This vulnerability is fixed in 3.22.0.
Severity ?
CWE
- CWE-416 - Use After Free
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-24676",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-10T15:40:09.894254Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-10T16:02:23.696Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "FreeRDP",
"vendor": "FreeRDP",
"versions": [
{
"status": "affected",
"version": "\u003c 3.22.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, AUDIN format renegotiation frees the active format list while the capture thread continues using audin-\u003eformat, leading to a use after free in audio_format_compatible. This vulnerability is fixed in 3.22.0."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416: Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T18:15:33.646Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-qh5p-frq4-pgxj",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-qh5p-frq4-pgxj"
},
{
"name": "https://github.com/FreeRDP/FreeRDP/commit/026b81ae5831ac1598d8f7371e0d0996fac7db00",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FreeRDP/FreeRDP/commit/026b81ae5831ac1598d8f7371e0d0996fac7db00"
}
],
"source": {
"advisory": "GHSA-qh5p-frq4-pgxj",
"discovery": "UNKNOWN"
},
"title": "FreeRDP has a heap-use-after-free in audio_format_compatible"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-24676",
"datePublished": "2026-02-09T18:15:33.646Z",
"dateReserved": "2026-01-23T20:40:23.388Z",
"dateUpdated": "2026-02-10T16:02:23.696Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-24678 (GCVE-0-2026-24678)
Vulnerability from cvelistv5 – Published: 2026-02-09 18:17 – Updated: 2026-02-10 16:02
VLAI?
EPSS
Title
FreeRDP has a Heap-use-after-free in cam_v4l_stream_capture_thread
Summary
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, A capture thread sends sample responses using a freed channel callback after a device channel close, leading to a use after free in ecam_channel_write. This vulnerability is fixed in 3.22.0.
Severity ?
CWE
- CWE-416 - Use After Free
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-24678",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-10T15:40:06.900664Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-10T16:02:14.343Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "FreeRDP",
"vendor": "FreeRDP",
"versions": [
{
"status": "affected",
"version": "\u003c 3.22.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, A capture thread sends sample responses using a freed channel callback after a device channel close, leading to a use after free in ecam_channel_write. This vulnerability is fixed in 3.22.0."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416: Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T18:17:27.040Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-6gvg-29wx-6v7h",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-6gvg-29wx-6v7h"
},
{
"name": "https://github.com/FreeRDP/FreeRDP/commit/f3ab1a16139036179d9852745fdade18fec11600",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FreeRDP/FreeRDP/commit/f3ab1a16139036179d9852745fdade18fec11600"
}
],
"source": {
"advisory": "GHSA-6gvg-29wx-6v7h",
"discovery": "UNKNOWN"
},
"title": "FreeRDP has a Heap-use-after-free in cam_v4l_stream_capture_thread"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-24678",
"datePublished": "2026-02-09T18:17:27.040Z",
"dateReserved": "2026-01-23T20:40:23.388Z",
"dateUpdated": "2026-02-10T16:02:14.343Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-24675 (GCVE-0-2026-24675)
Vulnerability from cvelistv5 – Published: 2026-02-09 18:14 – Updated: 2026-02-10 16:02
VLAI?
EPSS
Title
FreeRDP has a Heap-use-after-free in urb_select_interface
Summary
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, urb_select_interface can free the device's MS config on error but later code still dereferences it, leading to a use after free in libusb_udev_select_interface. This vulnerability is fixed in 3.22.0.
Severity ?
CWE
- CWE-416 - Use After Free
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-24675",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-10T15:40:11.243175Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-10T16:02:28.619Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "FreeRDP",
"vendor": "FreeRDP",
"versions": [
{
"status": "affected",
"version": "\u003c 3.22.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, urb_select_interface can free the device\u0027s MS config on error but later code still dereferences it, leading to a use after free in libusb_udev_select_interface. This vulnerability is fixed in 3.22.0."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416: Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T18:14:40.667Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-x9jr-99h2-g7mj",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-x9jr-99h2-g7mj"
},
{
"name": "https://github.com/FreeRDP/FreeRDP/commit/d676518809c319eec15911c705c13536036af2ae",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FreeRDP/FreeRDP/commit/d676518809c319eec15911c705c13536036af2ae"
}
],
"source": {
"advisory": "GHSA-x9jr-99h2-g7mj",
"discovery": "UNKNOWN"
},
"title": "FreeRDP has a Heap-use-after-free in urb_select_interface"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-24675",
"datePublished": "2026-02-09T18:14:40.667Z",
"dateReserved": "2026-01-23T20:40:23.388Z",
"dateUpdated": "2026-02-10T16:02:28.619Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-24683 (GCVE-0-2026-24683)
Vulnerability from cvelistv5 – Published: 2026-02-09 18:22 – Updated: 2026-02-10 16:01
VLAI?
EPSS
Title
FreeRDP has a heap-use-after-free in ainput_send_input_event
Summary
FreeRDP is a free implementation of the Remote Desktop Protocol. ainput_send_input_event caches channel_callback in a local variable and later uses it without synchronization; a concurrent channel close can free or reinitialize the callback, leading to a use after free. Prior to 3.22.0, This vulnerability is fixed in 3.22.0.
Severity ?
CWE
- CWE-416 - Use After Free
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-24683",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-10T15:39:58.125612Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-10T16:01:48.816Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "FreeRDP",
"vendor": "FreeRDP",
"versions": [
{
"status": "affected",
"version": "\u003c 3.22.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FreeRDP is a free implementation of the Remote Desktop Protocol. ainput_send_input_event caches channel_callback in a local variable and later uses it without synchronization; a concurrent channel close can free or reinitialize the callback, leading to a use after free. Prior to 3.22.0, This vulnerability is fixed in 3.22.0."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416: Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T18:22:17.636Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-45pf-68pj-fg8q",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-45pf-68pj-fg8q"
},
{
"name": "https://github.com/FreeRDP/FreeRDP/commit/d9ca272dce7a776ab475e9b1a8e8c3d2968c8486",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FreeRDP/FreeRDP/commit/d9ca272dce7a776ab475e9b1a8e8c3d2968c8486"
}
],
"source": {
"advisory": "GHSA-45pf-68pj-fg8q",
"discovery": "UNKNOWN"
},
"title": "FreeRDP has a heap-use-after-free in ainput_send_input_event"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-24683",
"datePublished": "2026-02-09T18:22:17.636Z",
"dateReserved": "2026-01-23T20:40:23.389Z",
"dateUpdated": "2026-02-10T16:01:48.816Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-24684 (GCVE-0-2026-24684)
Vulnerability from cvelistv5 – Published: 2026-02-09 18:23 – Updated: 2026-02-10 16:01
VLAI?
EPSS
Title
FreeRDP has a Heap-use-after-free in play_thread
Summary
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, the RDPSND async playback thread can process queued PDUs after the channel is closed and internal state is freed, leading to a use after free in rdpsnd_treat_wave. This vulnerability is fixed in 3.22.0.
Severity ?
CWE
- CWE-416 - Use After Free
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-24684",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-10T15:39:56.738542Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-10T16:01:41.254Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "FreeRDP",
"vendor": "FreeRDP",
"versions": [
{
"status": "affected",
"version": "\u003c 3.22.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, the RDPSND async playback thread can process queued PDUs after the channel is closed and internal state is freed, leading to a use after free in rdpsnd_treat_wave. This vulnerability is fixed in 3.22.0."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416: Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T18:23:02.882Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-vcgv-xgjp-h83q",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-vcgv-xgjp-h83q"
},
{
"name": "https://github.com/FreeRDP/FreeRDP/commit/622bb7b4402491ca003f47472d0e478132673696",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FreeRDP/FreeRDP/commit/622bb7b4402491ca003f47472d0e478132673696"
},
{
"name": "https://github.com/FreeRDP/FreeRDP/commit/afa6851dc80835d3101e40fcef51b6c5c0f43ea5",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FreeRDP/FreeRDP/commit/afa6851dc80835d3101e40fcef51b6c5c0f43ea5"
}
],
"source": {
"advisory": "GHSA-vcgv-xgjp-h83q",
"discovery": "UNKNOWN"
},
"title": "FreeRDP has a Heap-use-after-free in play_thread"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-24684",
"datePublished": "2026-02-09T18:23:02.882Z",
"dateReserved": "2026-01-23T20:40:23.389Z",
"dateUpdated": "2026-02-10T16:01:41.254Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-24682 (GCVE-0-2026-24682)
Vulnerability from cvelistv5 – Published: 2026-02-09 18:21 – Updated: 2026-02-10 16:01
VLAI?
EPSS
Title
FreeRDP has a Heap-buffer-overflow in audio_formats_free
Summary
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, audin_server_recv_formats frees an incorrect number of audio formats on parse failure (i + i), leading to out-of-bounds access in audio_formats_free. This vulnerability is fixed in 3.22.0.
Severity ?
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-24682",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-10T15:39:59.582504Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-10T16:01:54.846Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "FreeRDP",
"vendor": "FreeRDP",
"versions": [
{
"status": "affected",
"version": "\u003c 3.22.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, audin_server_recv_formats frees an incorrect number of audio formats on parse failure (i + i), leading to out-of-bounds access in audio_formats_free. This vulnerability is fixed in 3.22.0."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T18:21:39.733Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-vcw2-pqgw-mx6g",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-vcw2-pqgw-mx6g"
},
{
"name": "https://github.com/FreeRDP/FreeRDP/commit/1c5c74223179d425a1ce6dbbb6a3dd2a958b7aee",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FreeRDP/FreeRDP/commit/1c5c74223179d425a1ce6dbbb6a3dd2a958b7aee"
}
],
"source": {
"advisory": "GHSA-vcw2-pqgw-mx6g",
"discovery": "UNKNOWN"
},
"title": "FreeRDP has a Heap-buffer-overflow in audio_formats_free"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-24682",
"datePublished": "2026-02-09T18:21:39.733Z",
"dateReserved": "2026-01-23T20:40:23.389Z",
"dateUpdated": "2026-02-10T16:01:54.846Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-24677 (GCVE-0-2026-24677)
Vulnerability from cvelistv5 – Published: 2026-02-09 18:16 – Updated: 2026-02-10 16:02
VLAI?
EPSS
Title
FreeRDP has a heap-buffer-overflow in ecam_encoder_compress_h264
Summary
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, ecam_encoder_compress_h264 trusts server-controlled dimensions and does not validate the source buffer size, leading to an out-of-bounds read in sws_scale. This vulnerability is fixed in 3.22.0.
Severity ?
CWE
- CWE-416 - Use After Free
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-24677",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-10T15:40:08.564405Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-10T16:02:18.820Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "FreeRDP",
"vendor": "FreeRDP",
"versions": [
{
"status": "affected",
"version": "\u003c 3.22.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, ecam_encoder_compress_h264 trusts server-controlled dimensions and does not validate the source buffer size, leading to an out-of-bounds read in sws_scale. This vulnerability is fixed in 3.22.0."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416: Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T18:16:44.715Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-xw37-j744-f8v7",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-xw37-j744-f8v7"
},
{
"name": "https://github.com/FreeRDP/FreeRDP/commit/d2d4f449312ddafd4a4c6c8a4f856c7f0d44a3b5",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FreeRDP/FreeRDP/commit/d2d4f449312ddafd4a4c6c8a4f856c7f0d44a3b5"
}
],
"source": {
"advisory": "GHSA-xw37-j744-f8v7",
"discovery": "UNKNOWN"
},
"title": "FreeRDP has a heap-buffer-overflow in ecam_encoder_compress_h264"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-24677",
"datePublished": "2026-02-09T18:16:44.715Z",
"dateReserved": "2026-01-23T20:40:23.388Z",
"dateUpdated": "2026-02-10T16:02:18.820Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-24680 (GCVE-0-2026-24680)
Vulnerability from cvelistv5 – Published: 2026-02-09 18:19 – Updated: 2026-02-10 16:02
VLAI?
EPSS
Title
FreeRDP has a heap-use-after-free in update_pointer_new(SDL)
Summary
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, sdl_Pointer_New frees data on failure, then pointer_free calls sdl_Pointer_Free and frees it again, triggering ASan UAF. This vulnerability is fixed in 3.22.0.
Severity ?
CWE
- CWE-416 - Use After Free
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-24680",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-10T15:40:03.973263Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-10T16:02:05.475Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "FreeRDP",
"vendor": "FreeRDP",
"versions": [
{
"status": "affected",
"version": "\u003c 3.22.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, sdl_Pointer_New frees data on failure, then pointer_free calls sdl_Pointer_Free and frees it again, triggering ASan UAF. This vulnerability is fixed in 3.22.0."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416: Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T18:19:45.222Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-j893-9wg8-33rc",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-j893-9wg8-33rc"
},
{
"name": "https://github.com/FreeRDP/FreeRDP/commit/c42ecbd183b001e76bfc3614cddfad0034acc758",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FreeRDP/FreeRDP/commit/c42ecbd183b001e76bfc3614cddfad0034acc758"
}
],
"source": {
"advisory": "GHSA-j893-9wg8-33rc",
"discovery": "UNKNOWN"
},
"title": "FreeRDP has a heap-use-after-free in update_pointer_new(SDL)"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-24680",
"datePublished": "2026-02-09T18:19:45.222Z",
"dateReserved": "2026-01-23T20:40:23.388Z",
"dateUpdated": "2026-02-10T16:02:05.475Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23948 (GCVE-0-2026-23948)
Vulnerability from cvelistv5 – Published: 2026-02-09 18:12 – Updated: 2026-02-10 16:02
VLAI?
EPSS
Title
FreeRDP has a NULL Pointer Dereference in rdp_write_logon_info_v2()
Summary
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, a NULL pointer dereference vulnerability in rdp_write_logon_info_v2() allows a malicious RDP server to crash FreeRDP proxy by sending a specially crafted LogonInfoV2 PDU with cbDomain=0 or cbUserName=0. This vulnerability is fixed in 3.22.0.
Severity ?
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-23948",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-10T15:40:14.620862Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-10T16:02:38.268Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "FreeRDP",
"vendor": "FreeRDP",
"versions": [
{
"status": "affected",
"version": "\u003c 3.22.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, a NULL pointer dereference vulnerability in rdp_write_logon_info_v2() allows a malicious RDP server to crash FreeRDP proxy by sending a specially crafted LogonInfoV2 PDU with cbDomain=0 or cbUserName=0. This vulnerability is fixed in 3.22.0."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476: NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T18:12:00.737Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-6f3c-qvqq-2px5",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-6f3c-qvqq-2px5"
},
{
"name": "https://github.com/FreeRDP/FreeRDP/commit/4d44e3c097656a8b9ec696353647b0888ca45860",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FreeRDP/FreeRDP/commit/4d44e3c097656a8b9ec696353647b0888ca45860"
}
],
"source": {
"advisory": "GHSA-6f3c-qvqq-2px5",
"discovery": "UNKNOWN"
},
"title": "FreeRDP has a NULL Pointer Dereference in rdp_write_logon_info_v2()"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-23948",
"datePublished": "2026-02-09T18:12:00.737Z",
"dateReserved": "2026-01-19T14:49:06.312Z",
"dateUpdated": "2026-02-10T16:02:38.268Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-24491 (GCVE-0-2026-24491)
Vulnerability from cvelistv5 – Published: 2026-02-09 18:13 – Updated: 2026-02-10 16:02
VLAI?
EPSS
Title
FreeRDP has a heap-use-after-free in video_timer
Summary
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, video_timer can send client notifications after the control channel is closed, dereferencing a freed callback and triggering a use after free. This vulnerability is fixed in 3.22.0.
Severity ?
CWE
- CWE-416 - Use After Free
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-24491",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-10T15:40:13.198407Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-10T16:02:33.549Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "FreeRDP",
"vendor": "FreeRDP",
"versions": [
{
"status": "affected",
"version": "\u003c 3.22.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, video_timer can send client notifications after the control channel is closed, dereferencing a freed callback and triggering a use after free. This vulnerability is fixed in 3.22.0."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416: Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T18:13:44.302Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4x6j-w49r-869g",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4x6j-w49r-869g"
},
{
"name": "https://github.com/FreeRDP/FreeRDP/commit/e02e052f6692550e539d10f99de9c35a23492db2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FreeRDP/FreeRDP/commit/e02e052f6692550e539d10f99de9c35a23492db2"
}
],
"source": {
"advisory": "GHSA-4x6j-w49r-869g",
"discovery": "UNKNOWN"
},
"title": "FreeRDP has a heap-use-after-free in video_timer"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-24491",
"datePublished": "2026-02-09T18:13:44.302Z",
"dateReserved": "2026-01-23T00:38:20.549Z",
"dateUpdated": "2026-02-10T16:02:33.549Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-24681 (GCVE-0-2026-24681)
Vulnerability from cvelistv5 – Published: 2026-02-09 18:20 – Updated: 2026-02-10 16:02
VLAI?
EPSS
Title
FreeRDP has a heap-use-after-free in urb_bulk_transfer_cb
Summary
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, aAsynchronous bulk transfer completions can use a freed channel callback after URBDRC channel close, leading to a use after free in urb_write_completion. This vulnerability is fixed in 3.22.0.
Severity ?
CWE
- CWE-416 - Use After Free
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-24681",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-10T15:40:01.208751Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-10T16:02:00.449Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "FreeRDP",
"vendor": "FreeRDP",
"versions": [
{
"status": "affected",
"version": "\u003c 3.22.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, aAsynchronous bulk transfer completions can use a freed channel callback after URBDRC channel close, leading to a use after free in urb_write_completion. This vulnerability is fixed in 3.22.0."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416: Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T18:20:39.732Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-ccvv-hg2w-6x9j",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-ccvv-hg2w-6x9j"
},
{
"name": "https://github.com/FreeRDP/FreeRDP/commit/414f701464929c217f2509bcbd6d2c1f00f7ed73",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FreeRDP/FreeRDP/commit/414f701464929c217f2509bcbd6d2c1f00f7ed73"
}
],
"source": {
"advisory": "GHSA-ccvv-hg2w-6x9j",
"discovery": "UNKNOWN"
},
"title": "FreeRDP has a heap-use-after-free in urb_bulk_transfer_cb"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-24681",
"datePublished": "2026-02-09T18:20:39.732Z",
"dateReserved": "2026-01-23T20:40:23.389Z",
"dateUpdated": "2026-02-10T16:02:00.449Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-24679 (GCVE-0-2026-24679)
Vulnerability from cvelistv5 – Published: 2026-02-09 18:19 – Updated: 2026-02-10 16:02
VLAI?
EPSS
Title
FreeRDP has a heap-buffer-overflow in urb_select_interface
Summary
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, The URBDRC client uses server-supplied interface numbers as array indices without bounds checks, causing an out-of-bounds read in libusb_udev_select_interface. This vulnerability is fixed in 3.22.0.
Severity ?
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-24679",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-10T15:40:05.375341Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-10T16:02:09.897Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "FreeRDP",
"vendor": "FreeRDP",
"versions": [
{
"status": "affected",
"version": "\u003c 3.22.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, The URBDRC client uses server-supplied interface numbers as array indices without bounds checks, causing an out-of-bounds read in libusb_udev_select_interface. This vulnerability is fixed in 3.22.0."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T18:19:00.409Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-2jp4-67x6-gv7x",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-2jp4-67x6-gv7x"
},
{
"name": "https://github.com/FreeRDP/FreeRDP/commit/2d563a50be17c1b407ca448b1321378c0726dd31",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FreeRDP/FreeRDP/commit/2d563a50be17c1b407ca448b1321378c0726dd31"
}
],
"source": {
"advisory": "GHSA-2jp4-67x6-gv7x",
"discovery": "UNKNOWN"
},
"title": "FreeRDP has a heap-buffer-overflow in urb_select_interface"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-24679",
"datePublished": "2026-02-09T18:19:00.409Z",
"dateReserved": "2026-01-23T20:40:23.388Z",
"dateUpdated": "2026-02-10T16:02:09.897Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…