PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-23531 FreeRDP CVE debrief

CVE-2026-23531 is a high-severity vulnerability in FreeRDP's ClearCodec. Prior to version 3.21.0, when `glyphData` is present, `clear_decompress` calls `freerdp_image_copy_no_overlap` without validating the destination rectangle against the target surface. Because the rectangle comes from the server-supplied RDPGFX surface update, a malicious or compromised RDP server can make the copy read or write outside the client's heap buffer. The documented outcome is a client crash (DoS); heap corruption with a code-execution risk is possible depending on allocator behavior and surrounding heap layout, but note that the published CVSS 4.0 vector rates only availability impact (VA:H, with VC:N and VI:N), so the score does not reflect an assessed code-execution outcome. Version 3.21.0 contains a patch for the issue. Users should upgrade to version 3.21.0 or later to mitigate this vulnerability.

Vendor
FreeRDP
Product
FreeRDP (libfreerdp ClearCodec; the stored evidence does not name a separate product)
CVSS
HIGH 7.7
CISA KEV
Not listed in stored evidence
Original CVE published
2026-01-19
Original CVE updated
2026-06-30
Advisory published
2026-01-19
Advisory updated
2026-06-30

Who should care

This is a client-side bug: the vulnerable code runs in the RDP client while it decodes surface updates sent by the server, so the exposure is any host whose FreeRDP-based client connects to a server the organization does not fully control. That includes the FreeRDP client binaries themselves (xfreerdp, wlfreerdp, sdl-freerdp) and applications that link libfreerdp, such as Remmina and Apache Guacamole's guacd. Organizations using FreeRDP versions prior to 3.21.0 should prioritize upgrading: a malicious or compromised server can cause a denial of service (DoS) on the client and potentially execute code on it. Given the CVSS score of 7.7, security teams should ensure that all instances of FreeRDP, including embedded copies, are updated to version 3.21.0 or later. Until then, defenders should restrict which RDP servers those clients may reach and monitor outbound RDP connections from client hosts for unexpected destinations.

Technical summary

The vulnerability exists in the ClearCodec of FreeRDP, specifically in the `clear_decompress` function. When `glyphData` is present, the function calls `freerdp_image_copy_no_overlap` without validating that the destination rectangle fits inside the destination surface. The rectangle's position and size are taken from the RDPGFX surface update the server sends, so an attacker who controls the server can choose coordinates that place the copy partly or wholly outside the surface's heap allocation, producing an out-of-bounds read on the source side or an out-of-bounds write on the destination side. The practical result is a heap buffer overflow in the client. The vulnerability is rated High with a CVSS score of 7.7. The CVSS vector is CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. Read that vector as: network-reachable, low complexity, no privileges or user interaction, availability impact high, no confidentiality or integrity impact scored, and exploit maturity "proof of concept" (E:P); the metrics marked X are not defined.
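The missing check described in the debrief above and in the summary is a rectangle-containment test. The following C example, added here as an illustration and not taken from FreeRDP's source or from the 3.21.0 fix, shows what such a check has to look like and why it matters: `rect_within` tests a server-chosen rectangle against the surface in an overflow-safe way (a naive `x + w <= width` wraps for attacker-controlled values), `unchecked_overrun` reports how many bytes a row-by-row copy would write past the end of the destination buffer if the check were absent, and `copy_checked` is the guarded copy. The `surface_t` type, the 32bpp pixel assumption, and all function names are hypothetical stand-ins for this example; the real `freerdp_image_copy_no_overlap` takes different parameters.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BPP 4 /* assumption: 32 bits per pixel on the decoded surface */

/* Hypothetical stand-in for a decoded RDPGFX surface; not FreeRDP's type. */
typedef struct {
    uint32_t width;   /* pixels */
    uint32_t height;  /* pixels */
    uint32_t stride;  /* bytes per row */
    uint8_t *data;    /* height * stride bytes on the heap */
} surface_t;

/* Overflow-safe containment check: does the block (x, y, w, h) lie inside a
 * sw x sh surface? Written with subtractions so attacker-chosen x + w or
 * y + h cannot wrap around a 32-bit sum and pass a naive comparison. */
bool rect_within(uint32_t x, uint32_t y, uint32_t w, uint32_t h,
                 uint32_t sw, uint32_t sh)
{
    if (x > sw || y > sh)
        return false;
    return w <= sw - x && h <= sh - y;
}

/* Models the absent check: how many bytes a row-by-row copy of a w x h block
 * at (x, y) would write beyond the end of dst->data. 0 means in bounds.
 * This only computes the overrun; it never performs the unsafe copy. */
uint64_t unchecked_overrun(const surface_t *dst, uint32_t x, uint32_t y,
                           uint32_t w, uint32_t h)
{
    if (w == 0 || h == 0)
        return 0;
    /* Exclusive end offset of the last row's write, in 64-bit arithmetic. */
    uint64_t end = ((uint64_t)y + h - 1) * dst->stride + ((uint64_t)x + w) * BPP;
    uint64_t size = (uint64_t)dst->height * dst->stride;
    return end > size ? end - size : 0;
}

/* Guarded copy of a w x h block from the top-left of src into dst at (x, y).
 * Both the destination rectangle and the source block are validated first.
 * Returns 0 on success, -1 if the rectangle is rejected. */
int copy_checked(surface_t *dst, uint32_t x, uint32_t y,
                 const surface_t *src, uint32_t w, uint32_t h)
{
    if (!rect_within(x, y, w, h, dst->width, dst->height))
        return -1; /* the check the vulnerable path lacked */
    if (!rect_within(0, 0, w, h, src->width, src->height))
        return -1; /* source must actually contain w x h pixels */
    for (uint32_t row = 0; row < h; row++) {
        memcpy(dst->data + (size_t)(y + row) * dst->stride + (size_t)x * BPP,
               src->data + (size_t)row * src->stride,
               (size_t)w * BPP);
    }
    return 0;
}

/* Allocate a w x h surface filled with a constant byte (constructed test data). */
surface_t *surface_new(uint32_t w, uint32_t h, uint8_t fill)
{
    surface_t *s = calloc(1, sizeof *s);
    if (!s)
        return NULL;
    s->width = w;
    s->height = h;
    s->stride = w * BPP;
    s->data = malloc((size_t)h * s->stride);
    if (!s->data) {
        free(s);
        return NULL;
    }
    memset(s->data, fill, (size_t)h * s->stride);
    return s;
}

void surface_free(surface_t *s)
{
    if (s) {
        free(s->data);
        free(s);
    }
}

/* First byte of the pixel at (px, py); used to verify what a copy touched. */
uint8_t surface_byte(const surface_t *s, uint32_t px, uint32_t py)
{
    return s->data[(size_t)py * s->stride + (size_t)px * BPP];
}

int main(void)
{
    surface_t *dst = surface_new(8, 8, 0x00); /* constructed 8x8 destination */
    surface_t *src = surface_new(4, 4, 0xAB); /* constructed 4x4 glyph block */
    printf("copy at (4,4): %d (0 = accepted)\n", copy_checked(dst, 4, 4, src, 4, 4));
    printf("copy at (6,6): %d (-1 = rejected)\n", copy_checked(dst, 6, 6, src, 4, 4));
    printf("unchecked copy at (6,6) would overrun by %llu bytes\n",
           (unsigned long long)unchecked_overrun(dst, 6, 6, 4, 4));
    surface_free(dst);
    surface_free(src);
    return 0;
}
```

The wrap-around case is the one worth keeping in mind when reviewing similar copy paths: with `x = 0xFFFFFFFF` and `w = 1`, a 32-bit `x + w` is 0, which a check written as `x + w <= width` would accept.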

Defensive priority

With a CVSS score of 7.7 and a proof-of-concept exploit maturity in the published vector, this should be treated as a high-urgency client patch. Prioritize hosts whose FreeRDP clients routinely connect to servers outside the organization's control (contractor or helpdesk workstations, jump hosts, and gateways such as Guacamole that connect on behalf of users), then the rest of the fleet. Upgrade FreeRDP to version 3.21.0 or later. Until the upgrade lands, restricting outbound RDP to an allow-list of known servers and watching for connections outside that list are the compensating controls most likely to matter for a server-to-client attack.

Recommended defensive actions

  • Upgrade FreeRDP to version 3.21.0 or later, including copies bundled with or linked by other applications (for example Remmina and Apache Guacamole's guacd), and apply the update as soon as possible
  • Monitor outbound RDP connections (TCP/UDP 3389 by default) from hosts running FreeRDP clients, and investigate connections to servers that are not on the approved list
  • Implement compensating controls such as network segmentation that limits which RDP servers client hosts can reach, plus intrusion detection on the RDP egress path
  • Review and update incident response plans so that a crash of an RDP client shortly after connecting to an external server is treated as a possible exploitation attempt, with the core dump and connection target preserved for analysis
  • Conduct vulnerability scans and software inventory to identify affected systems, checking the libfreerdp version reported by the package manager rather than relying on the client application's own version number

Evidence notes

The CVE-2026-23531 vulnerability was publicly disclosed on January 19, 2026, and modified on June 30, 2026. The vulnerability affects FreeRDP versions prior to 3.21.0. The CVSS score is 7.7, indicating a high severity. The vulnerability allows for out-of-bounds read/write via crafted RDPGFX surface updates, potentially leading to a heap buffer overflow. Version 3.21.0 contains a patch for the issue.

Official resources

This article is AI-assisted and based on the supplied source corpus.