PatchSiren cyber security CVE debrief
CVE-2026-23531 FreeRDP CVE debrief
CVE-2026-23531 is a high-severity vulnerability in FreeRDP's ClearCodec. Prior to version 3.21.0, when `glyphData` is present, `clear_decompress` calls `freerdp_image_copy_no_overlap` without validating the destination rectangle, so a crafted RDPGFX surface update can drive the copy out of bounds (read and write). The attack runs from server to client: a malicious or compromised RDP server can trigger a heap buffer overflow in the connecting client, crashing it (DoS) and corrupting the heap, with code execution possible depending on allocator behaviour and the surrounding heap layout. Version 3.21.0 contains the fix; upgrade to 3.21.0 or later.
- Vendor: FreeRDP
- Product: Unknown
- CVSS: HIGH 7.7
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-01-19
- Original CVE updated: 2026-06-30
- Advisory published: 2026-01-19
- Advisory updated: 2026-06-30
Who should care
Anyone running an RDP client built on FreeRDP older than 3.21.0, including third-party clients and gateways that link libfreerdp (Remmina and Apache Guacamole's guacd, for example), whose users connect to servers they do not fully control. The exposure is on the client side: a malicious or compromised server supplies the crafted RDPGFX surface update, so the risk is highest where users connect to untrusted hosts or where a server could be taken over and used to attack the clients that connect to it. At CVSS 7.7 (High), security teams should update every FreeRDP instance to 3.21.0 or later, including copies bundled inside other software, and in the meantime limit which servers clients can reach and watch for unexpected outbound RDP connections.
Technical summary
The vulnerability is in FreeRDP's ClearCodec, one of the codecs used for RDPGFX (graphics pipeline) surface updates, specifically in `clear_decompress`. When the server's data carries `glyphData`, the function hands a destination rectangle taken from that data to `freerdp_image_copy_no_overlap` without first checking that the rectangle lies within the destination surface. A crafted surface update can therefore make the copy read and write beyond the surface's allocation on the heap, i.e. a heap buffer overflow in the client. The vulnerability is rated High with a CVSS score of 7.7. The CVSS vector is CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. Note what the vector encodes: network-reachable with no privileges or user interaction required, a High availability impact on the vulnerable system, no confidentiality or integrity impact, and exploit maturity E:P (proof of concept), which matches the stored vendor advisory reference being tagged Exploit. The score therefore captures the crash; the heap-corruption and code-execution risk described above is not reflected in it.
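The pattern behind the bug, as an added example that is not FreeRDP's code or ClearCodec's actual glyph handling: a raw copy primitive that trusts its arguments (standing in for `freerdp_image_copy_no_overlap`) is called once without and once with a destination-rectangle check. The `surface_t` and `rect_t` types, the guard region used to observe the overrun safely, and every function name are assumptions of this example; the input rectangles are constructed, not taken from any real RDPGFX capture.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Surface model. These types, names and the guard-region trick are this
 * example's own assumptions, not FreeRDP's; only the shape of the bug is modelled. */
typedef struct {
    uint32_t width;   /* pixels */
    uint32_t height;  /* pixels */
    uint32_t bpp;     /* bytes per pixel, e.g. 4 for 32-bit XRGB */
    uint8_t *data;    /* width * height * bpp bytes, then GUARD_BYTES of guard */
} surface_t;
/* Destination rectangle as carried in a server-supplied surface command. */
typedef struct { uint32_t x, y, w, h; } rect_t;

#define GUARD_BYTES 64

/* Allocate pixel storage plus a guard region, so an overrun of the logical
 * surface can be observed without touching memory this demo does not own. */
static surface_t *surface_new(uint32_t width, uint32_t height, uint32_t bpp) {
    surface_t *s = calloc(1, sizeof *s);
    size_t pixels = (size_t)width * height * bpp;
    s->width = width; s->height = height; s->bpp = bpp;
    s->data = malloc(pixels + GUARD_BYTES);
    memset(s->data, 0x00, pixels);
    memset(s->data + pixels, 0xA5, GUARD_BYTES);
    return s;
}

static void surface_free(surface_t *s) { if (s) { free(s->data); free(s); } }
/* True while nothing has been written past the logical surface. */
static bool surface_guard_intact(const surface_t *s) {
    size_t pixels = (size_t)s->width * s->height * s->bpp;
    for (size_t i = 0; i < GUARD_BYTES; i++)
        if (s->data[pixels + i] != 0xA5) return false;
    return true;
}

/* Stand-in for a raw copy primitive such as freerdp_image_copy_no_overlap:
 * it trusts every argument and does no bounds checking of its own. */
static void image_copy_no_overlap_model(surface_t *dst, const rect_t *r,
                                        const uint8_t *src, uint32_t src_stride) {
    size_t dst_stride = (size_t)dst->width * dst->bpp;
    for (uint32_t row = 0; row < r->h; row++) {
        uint8_t *d = dst->data + (size_t)(r->y + row) * dst_stride + (size_t)r->x * dst->bpp;
        memcpy(d, src + (size_t)row * src_stride, (size_t)r->w * dst->bpp);
    }
}

/* Containment check with no intermediate sum that can wrap. The naive form
 * "x + w <= width" accepts x = 0xFFFFFFF0, w = 0x12, since x + w wraps to 2. */
bool rect_within_surface(const rect_t *r, const surface_t *s) {
    if (r->w == 0 || r->h == 0) return false;
    if (r->x >= s->width || r->y >= s->height) return false;
    if (r->w > s->width - r->x) return false;
    if (r->h > s->height - r->y) return false;
    return true;
}

/* Hardened caller: validate the destination rectangle, then copy. */
static bool glyph_copy_checked(surface_t *dst, const rect_t *r,
                               const uint8_t *src, uint32_t src_stride) {
    if (!rect_within_surface(r, dst)) return false;
    image_copy_no_overlap_model(dst, r, src, src_stride);
    return true;
}

/* Constructed input: on a 4x4 surface, a 4-pixel-wide one-row glyph at (2,3); its last two pixels fall past the right edge. */
static const rect_t crafted = { 2, 3, 4, 1 };

/* Vulnerable caller pattern: the server-chosen rectangle goes straight to the
 * primitive. Returns true if the crafted rectangle clobbered the guard region. */
bool demo_unchecked_overruns(void) {
    surface_t *s = surface_new(4, 4, 4);
    uint8_t glyph[16]; memset(glyph, 0x11, sizeof glyph);
    image_copy_no_overlap_model(s, &crafted, glyph, sizeof glyph);
    bool overran = !surface_guard_intact(s);
    surface_free(s);
    return overran;
}

/* Hardened caller: the crafted and a wrapping rectangle are refused, while an
 * in-bounds 2x2 glyph at (1,1) is copied and the guard stays intact. */
bool demo_checked_path(void) {
    surface_t *s = surface_new(4, 4, 4);
    uint8_t glyph[16]; memset(glyph, 0x22, sizeof glyph);   /* two rows, stride 8 */
    rect_t wrapping = { 0xFFFFFFF0u, 0, 0x12, 1 };
    rect_t inside = { 1, 1, 2, 2 };
    bool ok = !glyph_copy_checked(s, &crafted, glyph, sizeof glyph)
           && !glyph_copy_checked(s, &wrapping, glyph, sizeof glyph)
           && glyph_copy_checked(s, &inside, glyph, 8)
           && s->data[20] == 0x22 && s->data[28] == 0x00   /* row 1: pixel 1 set, pixel 3 not */
           && s->data[36] == 0x22 && surface_guard_intact(s);
    surface_free(s);
    return ok;
}
```

The check compares the rectangle's width and height against the space remaining after its origin instead of computing `x + w`, so no 32-bit wrap can slip a rectangle past it. In real code the same validation has to cover the source buffer and the destination stride as well; this model leaves those out to keep the shape of the bug visible.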
Defensive priority
High. The CVSS score is 7.7 and the vector records proof-of-concept exploit maturity (E:P), so crashing a client is within reach of anyone who can get it to connect to a server they control. Defenders should prioritise upgrading FreeRDP to version 3.21.0 or later, including embedded copies. Until then, reduce the chance that a client reaches a hostile server: restrict outbound RDP to an approved set of hosts with egress filtering or segmentation, and alert on clients connecting to RDP servers outside that set or crashing repeatedly shortly after connecting.
Recommended defensive actions
- Upgrade FreeRDP to version 3.21.0 or later, and apply the update as soon as it is available for your platform
- Inventory FreeRDP builds, including copies embedded in third-party RDP clients and gateways, and use vulnerability scans to confirm no pre-3.21.0 versions remain
- Monitor for unexpected outbound RDP connections from clients and for client crashes that follow connecting to a new or unusual server
- Implement compensating controls such as network segmentation, egress filtering of RDP to approved servers, and intrusion detection on RDP traffic
- Review and update incident response plans to cover a client-side compromise via a malicious RDP server, including the potential code-execution outcome
Evidence notes
The CVE-2026-23531 record was published on January 19, 2026 and last modified on June 30, 2026. The stored evidence gives the affected range as FreeRDP versions prior to 3.21.0, a CVSS score of 7.7 (High), and an out-of-bounds read/write via crafted RDPGFX surface updates that can lead to a heap buffer overflow in the client; version 3.21.0 contains the patch. No CISA KEV listing is present in the stored evidence.
Official resources
- CVE-2026-23531 CVE record (CVE.org)
- CVE-2026-23531 NVD detail (NVD)
- Source item URL: nvd_modified
- Source reference: [email protected] - Product
- Mitigation or vendor reference: [email protected] - Release Notes
- Mitigation or vendor reference: [email protected] - Exploit, Vendor Advisory
- Source reference: 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
This article is AI-assisted and based on the supplied source corpus.