CVE-2026-35512

UNKNOWN 0.0

xrdp: Heap buffer overflow in EGFX channel

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

xrdp is an open source RDP server. Versions through 0.10.5 have a heap-based buffer overflow in the EGFX (graphics dynamic virtual channel) implementation due to insufficient validation of client-controlled size parameters, allowing an out-of-bounds write via crafted PDUs. Pre-authentication exploitation can crash the process, while post-authentication exploitation may achieve remote code execution. This issue has been fixed in version 0.10.6. If users are unable to immediately update, they should run xrdp as a non-privileged user (default since 0.10.2) to limit the impact of successful exploitation.

CWE	CWE-122
Vendor	neutrinolabs
Product	xrdp
Published	Apr 17, 2026

Stay Ahead of the Next One

Get instant alerts for neutrinolabs xrdp

Be the first to know when new unknown vulnerabilities affecting neutrinolabs xrdp are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

neutrinolabs / xrdp

< 0.10.6

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-jg6p-7fg8-9hh6 github.com: https://github.com/neutrinolabs/xrdp/releases/tag/v0.10.6