🔐 CVE Alert

CVE-2026-23533

HIGH 7.6

FreeRDP has heap-buffer-overflow in clear_decompress_residual_data

CVSS Score: 7.6
EPSS Score: 0.0%
EPSS Percentile: 0th

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurs in the RDPGFX ClearCodec decode path when maliciously crafted residual data causes out-of-bounds writes during color output. A malicious server can trigger a client-side heap buffer overflow, causing a crash (DoS) and potential heap corruption with code-execution risk depending on allocator behavior and surrounding heap layout. Version 3.21.0 contains a patch for the issue.

CWE: CWE-122
Vendor: freerdp
Product: freerdp
Published: Jan 19, 2026
Last Updated: Jun 30, 2026

Affected Versions

FreeRDP / FreeRDP: < 3.21.0

References

- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-32q9-m5qr-9j2v
- https://github.com/FreeRDP/FreeRDP/blob/38514dfa5813aa945a86cfbcec279033f8394468/libfreerdp/codec/clear.c#L268-L281
- https://github.com/FreeRDP/FreeRDP/blob/38514dfa5813aa945a86cfbcec279033f8394468/libfreerdp/codec/clear.c#L336
- https://github.com/FreeRDP/FreeRDP/releases/tag/3.21.0
- https://access.redhat.com/security/cve/CVE-2026-23533
- https://bugzilla.redhat.com/show_bug.cgi?id=2430886
- https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-23533.json
- https://access.redhat.com/errata/RHSA-2026:2714
- https://access.redhat.com/errata/RHSA-2026:2952
- https://access.redhat.com/errata/RHSA-2026:2222
- https://access.redhat.com/errata/RHSA-2026:2081
- https://access.redhat.com/errata/RHSA-2026:3039
- https://access.redhat.com/errata/RHSA-2026:3038
- https://access.redhat.com/errata/RHSA-2026:3036
- https://access.redhat.com/errata/RHSA-2026:3041
- https://access.redhat.com/errata/RHSA-2026:2770
- https://access.redhat.com/errata/RHSA-2026:2824
- https://access.redhat.com/errata/RHSA-2026:2736
- https://access.redhat.com/errata/RHSA-2026:3037
- https://access.redhat.com/errata/RHSA-2026:2048