CVE-2026-26271
Buffer Overread in FreeRDP Icon Processing
CVSS Score: 0.0
EPSS Score: 0.0%
EPSS Percentile: 0th
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, a buffer overread in `freerdp_image_copy_from_icon_data()` (libfreerdp/codec/color.c) can be triggered by crafted RDP Window Icon (TS_ICON_INFO) data. The bug is reachable over the network when a client processes icon data from an RDP server (or from a man-in-the-middle). Version 3.23.0 fixes the issue.
| Field | Value |
| --- | --- |
| CWE | CWE-126 |
| Vendor | freerdp |
| Product | freerdp |
| Published | Feb 25, 2026 |
| Last Updated | Feb 26, 2026 |
Affected Versions
FreeRDP / FreeRDP
< 3.23.0