CVE-2026-33516
xrdp: Pre-authentication out-of-bounds reads in RDP capability and channel parsers
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
xrdp is an open source RDP server. Versions through 0.10.5 contain an out-of-bounds read vulnerability during the RDP capability exchange phase. The issue occurs when memory is accessed before validating the remaining buffer length. A remote, unauthenticated attacker can trigger this vulnerability by sending a specially crafted Confirm Active PDU. Successful exploitation could lead to a denial of service (process crash) or potential disclosure of sensitive information from the process memory. This issue has been fixed in version 0.10.6.
| CWE | CWE-125 |
| Vendor | neutrinolabs |
| Product | xrdp |
| Published | Apr 17, 2026 |
Stay Ahead of the Next One
Get instant alerts for neutrinolabs xrdp
Be the first to know when new unknown vulnerabilities affecting neutrinolabs xrdp are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
neutrinolabs / xrdp
< 0.10.6