PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-22858 FreeRDP CVE debrief

CVE-2026-22858 is a global-buffer-overflow vulnerability in FreeRDP's Base64 decoding path. The issue arises from implementation-defined char signedness, particularly on Arm/AArch64 builds where plain char is treated as unsigned. This leads to a potential out-of-bounds access when non-ASCII bytes are used as an index into a global lookup table. The vulnerability is fixed in FreeRDP version 3.20.1. Users should update to this version or later to mitigate the risk. The Common Vulnerability Scoring System (CVSS) score for this vulnerability is 5.6, indicating a medium severity level.

Vendor
FreeRDP
Product
Unknown
CVSS
MEDIUM 5.6
CISA KEV
Not listed in stored evidence
Original CVE published
2026-01-14
Original CVE updated
2026-06-30
Advisory published
2026-01-14
Advisory updated
2026-06-30

Who should care

Organizations and individuals using FreeRDP for remote desktop connections should be aware of this vulnerability. Given the medium severity score of 5.6, it is recommended that users update to version 3.20.1 or later to prevent potential exploitation. This is particularly important for environments where remote access is common, as exploitation could lead to unauthorized access or data breaches.

Technical summary

The vulnerability is a global-buffer-overflow in FreeRDP's Base64 decoding path. On Arm/AArch64 builds plain char is unsigned, so the intended range restriction on char values no longer rejects non-ASCII bytes (0x80-0xFF). Those bytes are then used as an index into a global lookup table, producing an out-of-bounds access. The CVSS v4.0 vector is CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X: network-reachable with high attack complexity, no privileges required but passive user interaction, and high impact to confidentiality and availability, which yields the medium score of 5.6.
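The pattern the summary describes, written out as an added illustration that is not FreeRDP's code: a 128-entry reverse lookup table indexed by a plain `char`, the signedness-dependent range check that lets bytes 0x80..0xFF through on unsigned-char targets, and a hardened lookup that widens to `unsigned char` and bounds the index explicitly. The table, the function names and the small decoder wrapper are constructed for this example.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed 128-entry reverse table for the standard Base64 alphabet
 * (not FreeRDP's table); -1 marks bytes outside the alphabet. */
static int8_t b64_rev[128];
static int b64_rev_ready;
static void b64_rev_init(void) {
    static const char alphabet[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    memset(b64_rev, -1, sizeof b64_rev);
    for (int i = 0; i < 64; i++)
        b64_rev[(unsigned char)alphabet[i]] = (int8_t)i;
    b64_rev_ready = 1;
}

/* True when plain char is unsigned on this build (the Arm/AArch64 case). */
int char_is_unsigned(void) { return CHAR_MIN == 0; }
/* Bug pattern: the only range check is `c < 0`, which assumes a signed char.
 * Where char is unsigned that branch is dead, so input bytes 0x80..0xFF
 * become indices 128..255 and read past the 128-entry table. */
int sextet_unsafe(char c) {
    if (!b64_rev_ready) b64_rev_init();
    if (c < 0) return -1;       /* never true when char is unsigned */
    return b64_rev[(size_t)c];  /* out-of-bounds read for c >= 128 */
}
/* Hardened form: widen to unsigned char, then bound the index against the
 * table size explicitly; correct regardless of char signedness. */
int sextet_safe(char c) {
    unsigned char u = (unsigned char)c;
    if (!b64_rev_ready) b64_rev_init();
    return u < sizeof b64_rev ? b64_rev[u] : -1;
}
/* Decode with the hardened lookup: returns bytes written, or -1 on any byte
 * outside the alphabet (0x80..0xFF included) or if `out` is too small. */
int b64_decode(const char *in, size_t n, unsigned char *out, size_t cap) {
    uint32_t acc = 0; int bits = 0; size_t o = 0;
    for (size_t i = 0; i < n && in[i] != '='; i++) {   /* '=' ends data */
        int v = sextet_safe(in[i]);
        if (v < 0) return -1;
        acc = (acc << 6) | (uint32_t)v; bits += 6;
        if (bits >= 8) {
            if (o >= cap) return -1;
            bits -= 8; out[o++] = (unsigned char)(acc >> bits);
        }
    }
    return (int)o;
}
```

Only `sextet_safe` is ever fed non-ASCII input here; `sextet_unsafe` is kept to show the defective check, and a compiler targeting an unsigned-char platform will typically flag its `c < 0` comparison as always false.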

Defensive priority

Given the medium severity of this vulnerability, defenders should prioritize updating FreeRDP to version 3.20.1 or later. This update will prevent potential exploitation of the global-buffer-overflow vulnerability in the Base64 decoding path.

Recommended defensive actions

  • Update FreeRDP to version 3.20.1 or later.
  • Review and apply additional security measures for remote desktop connections.
  • Monitor for any suspicious activity related to remote desktop access.
  • Ensure that all relevant systems and software are up-to-date with the latest security patches.
  • Consider implementing additional security controls, such as multi-factor authentication, for remote access.

Evidence notes

The CVE-2026-22858 vulnerability details are based on information from the CVE.org record and the National Vulnerability Database (NVD). The vulnerability is caused by a global-buffer-overflow in FreeRDP's Base64 decoding path, which can lead to out-of-bounds access. The vulnerability is fixed in FreeRDP version 3.20.1.

Official resources

This article is AI-assisted and based on the supplied source corpus.