PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-22853 FreeRDP CVE debrief

CVE-2026-22853 is a heap buffer overflow vulnerability in FreeRDP, a free implementation of the Remote Desktop Protocol. The vulnerability exists in RDPEAR's NDR array reader, which does not bounds-check the on-wire element count. Because the reader trusts that count, it can write past the heap buffer allocated from hints, resulting in a heap buffer overflow. The vulnerability is fixed in version 3.20.1; users of FreeRDP should update to version 3.20.1 or later. The Common Vulnerability Scoring System (CVSS) score for this vulnerability is 6.8, a medium severity. The vulnerability was published on January 14, 2026, and last modified on June 30, 2026.

Vendor: FreeRDP
Product: Unknown
CVSS: MEDIUM 6.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-01-14
Original CVE updated: 2026-06-30
Advisory published: 2026-01-14
Advisory updated: 2026-06-30

Who should care

Users of FreeRDP, particularly those running versions prior to 3.20.1, should be aware of this vulnerability and take steps to mitigate it: update to version 3.20.1 or later, limit access to Remote Desktop Protocol services, and monitor for suspicious activity. Organizations using Red Hat products may also be affected, as indicated by multiple Red Hat errata references.

Technical summary

The vulnerability exists in RDPEAR's NDR array reader in FreeRDP. The reader does not bounds-check the element count carried on the wire, so a count larger than the allocation implied by the hints causes it to write past the heap buffer allocated from those hints. The result is a heap buffer overflow, which the advisory states an attacker can exploit to execute arbitrary code. The fix in version 3.20.1 adds proper bounds checking. The CVSS vector for this vulnerability is CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X.
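The bug class described above, as an added example in C that is not FreeRDP's code: a hypothetical NDR-style conformant-array reader whose destination buffer was sized from a hint, with the on-wire element count validated against that capacity (and against the bytes remaining) before any element is stored, which is the check the advisory says the unpatched reader lacks. Type names, message layout and the sample bytes are constructed for this example.

```c
#include <stdint.h>
#include <stdlib.h>

/* Constructed NDR-style conformant array of uint32 elements: the wire
 * carries a 32-bit element count followed by that many little-endian
 * elements. The destination buffer is sized beforehand from a "hint",
 * so the wire count and the allocation can disagree. Names and layout
 * are hypothetical for this example and are not FreeRDP's code. */
typedef struct { const uint8_t *p; size_t remaining; } wire_t;
typedef struct { uint32_t *elems; size_t capacity; size_t count; } u32_array_t;

static int read_u32(wire_t *w, uint32_t *out) {
    if (w->remaining < 4) return -1;
    *out = (uint32_t)w->p[0] | (uint32_t)w->p[1] << 8 |
           (uint32_t)w->p[2] << 16 | (uint32_t)w->p[3] << 24;
    w->p += 4; w->remaining -= 4;
    return 0;
}

/* Hardened reader: the on-wire count is checked against the hint-derived
 * capacity and against the bytes left on the wire before anything is
 * stored. The unpatched pattern the advisory describes lacks the first
 * check, so a count larger than the hint writes past elems[]. */
static int ndr_read_u32_array(wire_t *w, u32_array_t *arr) {
    uint32_t count;
    if (read_u32(w, &count) != 0) return -1;
    if (count > arr->capacity) return -2;             /* the missing bounds check */
    if ((size_t)count * 4 > w->remaining) return -3;  /* truncated message */
    for (uint32_t i = 0; i < count; i++)
        if (read_u32(w, &arr->elems[i]) != 0) return -1;
    arr->count = count;
    return 0;
}

/* Allocate from the hint, decode, and return the number of elements
 * decoded (>= 0) or the negative error code from the reader. */
int decode_with_hint(const uint8_t *msg, size_t len, size_t hint) {
    u32_array_t arr = { calloc(hint ? hint : 1, sizeof(uint32_t)), hint, 0 };
    wire_t w = { msg, len };
    int rc = arr.elems ? ndr_read_u32_array(&w, &arr) : -1;
    free(arr.elems);
    return rc == 0 ? (int)arr.count : rc;
}

/* Constructed sample messages (little-endian): a well-formed one, one whose
 * count exceeds a hint of 2, and one cut short after a single element. */
const uint8_t MSG_OK[]        = {2,0,0,0, 1,0,0,0, 2,0,0,0};
const uint8_t MSG_OVERSIZED[] = {4,0,0,0, 1,0,0,0, 2,0,0,0, 3,0,0,0, 4,0,0,0};
const uint8_t MSG_TRUNCATED[] = {2,0,0,0, 1,0,0,0};
```

With the capacity check removed, MSG_OVERSIZED decoded against a hint of 2 would store four elements into a two-element allocation, which is the heap overflow the advisory describes.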

Defensive priority

This vulnerability is rated medium severity, with a CVSS score of 6.8. Even so, users of FreeRDP should prioritize patching it, because the advisory states it can be exploited by an attacker to execute arbitrary code. Patching priority should be high, particularly for organizations that run FreeRDP in their environment.

Recommended defensive actions

  • Update to version 3.20.1 or later of FreeRDP
  • Limit access to Remote Desktop Protocol services
  • Monitor for suspicious activity
  • Implement additional security measures such as network segmentation and intrusion detection
  • Review and update incident response plans

Evidence notes

The vulnerability was published on January 14, 2026, and last modified on June 30, 2026. Its CVSS score is 6.8, a medium severity. Multiple Red Hat errata references are available, indicating that Red Hat products may be affected by this vulnerability.

Official resources

This article is AI-assisted and based on the supplied source corpus.