PatchSiren cyber security CVE debrief
CVE-2026-26955 FreeRDP CVE debrief
CVE-2026-26955 is a heap buffer overflow vulnerability in FreeRDP, a free implementation of the Remote Desktop Protocol. A malicious RDP server can trigger the vulnerability by sending an RDPGFX ClearCodec surface command with an out-of-bounds destination rectangle. This allows attacker-controlled data to reach image copy routines that write into surface data without bounds enforcement. The vulnerability affects FreeRDP versions prior to 3.23.0. Users should upgrade to version 3.23.0 to receive a patch. The Common Vulnerability Scoring System (CVSS) score for this vulnerability is 8.8, indicating a high severity level.
- Vendor: FreeRDP
- Product: Unknown
- CVSS: HIGH 8.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-02-25
- Original CVE updated: 2026-06-30
- Advisory published: 2026-02-25
- Advisory updated: 2026-06-30
Who should care
Organizations using FreeRDP clients, such as xfreerdp, should be aware of this vulnerability and take action to mitigate it. This includes upgrading to version 3.23.0 or applying patches provided by vendors. Additionally, defenders should monitor for potential exploitation attempts and implement compensating controls to detect and prevent attacks.
Technical summary
The vulnerability is caused by a missing bounds check in the gdi_SurfaceCommand_ClearCodec() handler. Specifically, the handler does not call is_within_surface() to validate the command rectangle against the destination surface dimensions, so a crafted RDPGFX ClearCodec surface command can trigger a heap buffer overflow. The overflow corrupts the codecs pointer of an adjacent gdiGfxSurface struct with attacker-controlled pixel data, which allows an indirect function pointer call to be hijacked.
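As an added illustration (not FreeRDP's code), this is the kind of destination-rectangle check the summary says the handler skipped: a copy routine that validates the rectangle against the surface before any write, using 64-bit comparisons so an oversized right/bottom edge cannot wrap around the check. The Surface and Rect types and the rect_within_surface, copy_tile_checked and demo_oob_rect_rejected names are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical surface and rectangle types, not FreeRDP's own definitions. */
typedef struct { uint32_t width, height, bpp; uint8_t *data; } Surface; /* bpp = bytes/pixel */
typedef struct { uint32_t left, top, right, bottom; } Rect;             /* right/bottom exclusive */

/* The check the handler must run before any pixel copy: reject degenerate rects and
 * anything past the surface edge. Widened to 64-bit so no wrap-around can pass it. */
bool rect_within_surface(const Surface *s, const Rect *r)
{
    if (r->left >= r->right || r->top >= r->bottom)
        return false;
    return (uint64_t)r->right <= s->width && (uint64_t)r->bottom <= s->height;
}

/* Copy a decoded tile into the surface only after the bounds check passes.
 * Also refuses to read past the end of the source tile. Writes nothing on failure. */
bool copy_tile_checked(Surface *s, const Rect *dst, const uint8_t *tile, size_t tile_len)
{
    if (!rect_within_surface(s, dst))
        return false;
    uint32_t w = dst->right - dst->left, h = dst->bottom - dst->top;
    size_t row_bytes = (size_t)w * s->bpp;
    if (tile_len < row_bytes * h)
        return false;
    for (uint32_t y = 0; y < h; y++) {
        size_t off = ((size_t)(dst->top + y) * s->width + dst->left) * s->bpp;
        memcpy(s->data + off, tile + (size_t)y * row_bytes, row_bytes);
    }
    return true;
}

/* Constructed scenario: a 4x4 RGBA surface followed by one guard byte. A tile whose
 * destination rect spills past the edge must be rejected without touching memory. */
int demo_oob_rect_rejected(void)
{
    uint8_t buf[4 * 4 * 4 + 1] = {0};
    buf[64] = 0xA5;                              /* guard byte just past the surface */
    Surface s = { 4, 4, 4, buf };
    uint8_t tile[2 * 2 * 4];
    memset(tile, 0xFF, sizeof tile);
    Rect bad  = { 3, 3, 5, 5 };                  /* 2x2 tile at (3,3): runs off both edges */
    Rect good = { 2, 2, 4, 4 };                  /* 2x2 tile at (2,2): fits exactly */
    int rejected = !copy_tile_checked(&s, &bad, tile, sizeof tile);
    int accepted =  copy_tile_checked(&s, &good, tile, sizeof tile);
    return rejected && accepted && buf[64] == 0xA5 && buf[63] == 0xFF;
}
```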
Defensive priority
High
Recommended defensive actions
- Upgrade to FreeRDP version 3.23.0 or later
- Apply patches provided by vendors, such as Red Hat
- Monitor for potential exploitation attempts
- Implement compensating controls to detect and prevent attacks
- Perform inventory checks to identify affected systems
Evidence notes
The CVE record and NVD detail describe the vulnerability, its impact and potential mitigations, and both give the CVSS score as 8.8 (high). The source item URL provides additional context and references.
Official resources
- CVE-2026-26955 CVE record (CVE.org)
- CVE-2026-26955 NVD detail (NVD)
- Source item URL (nvd_modified)
- Mitigation or vendor reference: [email protected] - Patch
- Mitigation or vendor reference: [email protected] - Exploit, Mitigation, Patch, Vendor Advisory
- Source reference: 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
This article was generated with AI assistance based on the supplied source corpus.