PatchSiren cyber security CVE debrief
CVE-2026-24678 FreeRDP CVE debrief
CVE-2026-24678 is a high-severity vulnerability in FreeRDP, a free implementation of the Remote Desktop Protocol. The vulnerability, fixed in version 3.22.0, is a use-after-free issue in the ecam_channel_write function. This occurs when a capture thread sends sample responses using a freed channel callback after a device channel close. The vulnerability has a CVSS score of 8.7 and is considered HIGH severity. The CVE was published on February 9, 2026, and last modified on June 30, 2026.
- Vendor: FreeRDP
- Product: Unknown
- CVSS: HIGH 8.7
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-02-09
- Original CVE updated: 2026-06-30
- Advisory published: 2026-02-09
- Advisory updated: 2026-06-30
Who should care
Organizations using FreeRDP versions prior to 3.22.0 should prioritize patching this vulnerability. Given the high severity and potential for remote exploitation, defenders should treat affected systems as high-risk assets. Red Hat and other downstream vendors have also released advisories and patches for this issue, indicating broad impact across various Linux distributions.
Technical summary
The vulnerability exists in the ecam_channel_write function of FreeRDP. A capture thread may send sample responses through a channel callback after the device channel has been closed, so the callback is invoked on memory that has already been freed, a use-after-free condition. This can be exploited remotely by an attacker, potentially resulting in code execution or denial of service on affected systems. The issue was addressed in FreeRDP version 3.22.0.
CVSS 4.0 vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Note that the published vector scores an availability impact only (VA:H, with VC:N and VI:N) and leaves all threat and environmental metrics unset (X).
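As an added illustration of the lifetime problem described above (hypothetical C written for this debrief, not FreeRDP's code or its fix), the following models a channel whose capture-side user takes its own reference before calling the write callback, so that a close by the owner marks the channel and drops only the owner's reference instead of freeing memory an in-flight write still uses. The names channel_acquire, channel_close and capture_send_sample are assumptions for this example, and the single-threaded scenario replays the advisory's ordering (close first, then the capture-side write).

```c
#include <stdlib.h>
/* Hypothetical channel model for this example; not FreeRDP's own code.
   In real threaded code, refs and closed need a lock or atomic operations. */
typedef struct channel {
    int refs;             /* owner reference plus one per in-flight capture user */
    int closed;           /* set by the owner; capture-side writes refuse afterwards */
    size_t bytes_written;
    int (*write_cb)(struct channel *ch, const void *buf, size_t len);
} channel_t;
static int channel_write_cb(channel_t *ch, const void *buf, size_t len) {
    (void)buf;            /* a real callback would queue the sample for sending */
    ch->bytes_written += len;
    return 0;
}
channel_t *channel_open(void) {
    channel_t *ch = calloc(1, sizeof(*ch));
    if (ch) { ch->refs = 1; ch->write_cb = channel_write_cb; }
    return ch;
}
/* Drop one reference; memory is freed only when the last holder lets go. */
void channel_release(channel_t *ch) {
    if (ch && --ch->refs == 0) free(ch);
}
/* Capture side takes its own reference first; NULL means already closed. */
channel_t *channel_acquire(channel_t *ch) {
    if (!ch || ch->closed) return NULL;
    ch->refs++;
    return ch;
}
/* Owner close: mark closed and drop the owner's reference, never free directly. */
void channel_close(channel_t *ch) {
    if (!ch) return;
    ch->closed = 1;
    ch->write_cb = NULL;
    channel_release(ch);
}
/* Capture-side write: refuse once closed instead of calling a stale callback. */
int capture_send_sample(channel_t *ch, const void *buf, size_t len) {
    if (!ch || ch->closed || !ch->write_cb) return -1;
    return ch->write_cb(ch, buf, len);
}
/* Advisory ordering: capture acquires, owner closes, capture writes, releases. */
int scenario_close_before_write(void) {
    channel_t *owner = channel_open();
    channel_t *cap = channel_acquire(owner);
    channel_close(owner);                         /* device channel closed */
    int rc = capture_send_sample(cap, "x", 1);    /* refused (-1), no use-after-free */
    channel_release(cap);                         /* last reference: freed here */
    return rc;
}
```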
Defensive priority
Patching affected FreeRDP installations is the top priority. Given the remote exploitability and high CVSS score, defenders should apply the 3.22.0 update or later as soon as possible. Additionally, monitoring for suspicious activity related to Remote Desktop Protocol (RDP) usage may help detect potential exploitation attempts.
Recommended defensive actions
- Apply the FreeRDP 3.22.0 update or later to vulnerable systems.
- Review and apply Red Hat advisories RHSA-2026:19033, RHSA-2026:3068, and RHSA-2026:4121 if applicable.
- Monitor RDP-related logs for unusual activity.
- Consider implementing network access controls to limit RDP exposure.
- Perform a thorough inventory of systems using FreeRDP and prioritize patching based on risk and exposure.
Evidence notes
The CVE-2026-24678 vulnerability was publicly disclosed on February 9, 2026, with a CVSS score of 8.7. The issue was fixed in FreeRDP version 3.22.0. Multiple sources, including GitHub and Red Hat, have provided advisories and patches for this vulnerability. The CVE was last modified on June 30, 2026, indicating ongoing attention to this issue.
Official resources
- CVE-2026-24678 CVE record (CVE.org)
- CVE-2026-24678 NVD detail (NVD)
- Source item URL: nvd_modified
- Mitigation or vendor reference: [email protected] - Patch
- Mitigation or vendor reference: [email protected] - Patch, Vendor Advisory
- Source reference: 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
This article was generated with AI assistance based on the supplied source corpus.