๐Ÿ” CVE Alert

CVE-2026-55827

HIGH 7.5

FreeRDP: Heap out-of-bounds write in RemoteFX (RFX) Cache Bitmap V3 decode

CVSS Score
7.5
EPSS Score
0.0%
EPSS Percentile
0th

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.27.1, FreeRDP clients launched with the non-default /cache:codec:rfx option pass desktop stride and height to RemoteFX decoding for Cache Bitmap V3 data while allocating bitmap->data only for the smaller DstWidth and DstHeight in gdi_Bitmap_Decompress, allowing a malicious RDP server to trigger a heap out-of-bounds write with attacker-controlled offset and content. This issue is fixed in version 3.27.1.

CWE CWE-131 CWE-787
Vendor freerdp
Product freerdp
Published Jul 10, 2026
Last Updated Jul 15, 2026
Stay Ahead of the Next One

Get instant alerts for freerdp freerdp

Be the first to know when new high vulnerabilities affecting freerdp freerdp are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Affected Versions

FreeRDP / FreeRDP
< 3.27.1

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
github.com: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-c495-h83v-3prp github.com: https://github.com/FreeRDP/FreeRDP/pull/12899 github.com: https://github.com/FreeRDP/FreeRDP/commit/e58adf922ea4c0d5495e59a1fe488d70092e0e3e github.com: https://github.com/FreeRDP/FreeRDP/releases/tag/3.27.1