PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-26955 FreeRDP CVE debrief

CVE-2026-26955 is a heap buffer overflow vulnerability in FreeRDP, a free implementation of the Remote Desktop Protocol. A malicious RDP server can trigger the vulnerability by sending an RDPGFX ClearCodec surface command with an out-of-bounds destination rectangle. This allows attacker-controlled data to reach image copy routines that write into surface data without bounds enforcement. The vulnerability affects FreeRDP versions prior to 3.23.0. Users should upgrade to version 3.23.0 to receive a patch. The Common Vulnerability Scoring System (CVSS) score for this vulnerability is 8.8, indicating a high severity level.

Vendor
FreeRDP
Product
Unknown
CVSS
HIGH 8.8
CISA KEV
Not listed in stored evidence
Original CVE published
2026-02-25
Original CVE updated
2026-06-30
Advisory published
2026-02-25
Advisory updated
2026-06-30

Who should care

Organizations using FreeRDP clients, such as xfreerdp, should be aware of this vulnerability and take action to mitigate it. This includes upgrading to version 3.23.0 or applying patches provided by vendors. Additionally, defenders should monitor for potential exploitation attempts and implement compensating controls to detect and prevent attacks.

Technical summary

The vulnerability is caused by a lack of bounds checking in the gdi_SurfaceCommand_ClearCodec() handler. Specifically, the handler does not call is_within_surface() to validate the command rectangle against the destination surface dimensions. This allows an attacker to send a crafted RDPGFX ClearCodec surface command that triggers a heap buffer overflow. The overflow corrupts an adjacent gdiGfxSurface struct's codecs* pointer with attacker-controlled pixel data, allowing for indirect function pointer call exploitation.

Defensive priority

High

Recommended defensive actions

  • Upgrade to FreeRDP version 3.23.0 or later
  • Apply patches provided by vendors, such as Red Hat
  • Monitor for potential exploitation attempts
  • Implement compensating controls to detect and prevent attacks
  • Perform inventory checks to identify affected systems

Evidence notes

The CVE record and NVD detail provide information on the vulnerability, its impact, and potential mitigations. The source item URL provides additional context and references. The CVE-2026-26955 CVE record and NVD detail indicate that the vulnerability has a high CVSS score of 8.8.

Official resources

This article was generated with AI assistance based on the supplied source corpus.