CVE-2026-24678
FreeRDP has a Heap-use-after-free in cam_v4l_stream_capture_thread
| CVSS Score | 5.3 |
| EPSS Score | 0.0% |
| EPSS Percentile | 0th |
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, a capture thread sends sample responses using a freed channel callback after a device channel close, leading to a use-after-free in ecam_channel_write. This vulnerability is fixed in 3.22.0.
| CWE | CWE-416 |
| Vendor | freerdp |
| Product | freerdp |
| Published | Feb 9, 2026 |
| Last Updated | Jun 30, 2026 |
Affected Versions
FreeRDP / FreeRDP
< 3.22.0
References
github.com: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-6gvg-29wx-6v7h
github.com: https://github.com/FreeRDP/FreeRDP/commit/f3ab1a16139036179d9852745fdade18fec11600
access.redhat.com: https://access.redhat.com/security/cve/CVE-2026-24678
bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2438197
security.access.redhat.com: https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-24678.json
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:4121
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3068
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:19033