🔐 CVE Alert

CVE-2026-23884

HIGH 7.6

Heap-use-after-free in gdi_set_bounds

CVSS Score
7.6
EPSS Score
0.0%
EPSS Percentile
0th

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, offscreen bitmap deletion leaves `gdi->drawing` pointing to freed memory, causing UAF when related update packets arrive. A malicious server can trigger a client‑side use after free, causing a crash (DoS) and potential heap corruption with code‑execution risk depending on allocator behavior and surrounding heap layout. Version 3.21.0 contains a patch for the issue.

CWE CWE-416
Vendor freerdp
Product freerdp
Published Jan 19, 2026
Last Updated Jun 30, 2026
Stay Ahead of the Next One

Get instant alerts for freerdp freerdp

Be the first to know when new high vulnerabilities affecting freerdp freerdp are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

FreeRDP / FreeRDP
< 3.21.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗
github.com: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-cfgj-vc84-f3pp github.com: https://github.com/FreeRDP/FreeRDP/blob/3370e30e92a021eb680892dda14d642bc8b8727c/libfreerdp/cache/offscreen.c#L114-L122 github.com: https://github.com/FreeRDP/FreeRDP/blob/3370e30e92a021eb680892dda14d642bc8b8727c/libfreerdp/cache/offscreen.c#L87-L91 github.com: https://github.com/FreeRDP/FreeRDP/releases/tag/3.21.0 access.redhat.com: https://access.redhat.com/security/cve/CVE-2026-23884 bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2430880 security.access.redhat.com: https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-23884.json access.redhat.com: https://access.redhat.com/errata/RHSA-2026:2714 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:2952 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:2222 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:2081 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3039 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3038 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3036 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3041 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:2770 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:2824 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:2736 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3037 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:2048