
PatchSiren cyber security CVE debrief

CVE-2026-31806 FreeRDP CVE debrief

CVE-2026-31806 is a critical heap buffer overflow vulnerability in FreeRDP, a free implementation of the Remote Desktop Protocol. The vulnerability exists in the gdi_surface_bits() function, which processes SURFACE_BITS_COMMAND messages sent by the RDP server. A malicious RDP server can supply crafted bmp.width and bmp.height values that exceed the expected surface size, leading to a heap buffer overflow. The fix ships in version 3.24.0, and users of FreeRDP should upgrade to 3.24.0 or later. The vulnerability carries a CVSS score of 9.3 and is rated critical.

Vendor: FreeRDP
Product: Unknown
CVSS: CRITICAL 9.3
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-03-13
Original CVE updated: 2026-06-30
Advisory published: 2026-03-13
Advisory updated: 2026-06-30

Who should care

Users of FreeRDP, particularly those who use it to connect to remote desktops, should be aware of this vulnerability and take steps to mitigate it. This includes upgrading to version 3.24.0 or later, and ensuring that all instances of FreeRDP are updated. Additionally, users should be cautious when connecting to remote desktops, especially those from untrusted sources.

Technical summary

The gdi_surface_bits() function in FreeRDP processes SURFACE_BITS_COMMAND messages sent by the RDP server. When the command is handled using NSCodec, the bmp.width and bmp.height values supplied by the server are not properly validated against the actual desktop dimensions, so the decoded bitmap can be larger than the surface it is written into. A malicious RDP server can therefore supply crafted bmp.width and bmp.height values that exceed the expected surface size, leading to a heap buffer overflow. The overflow overwrites adjacent heap memory and can result in code execution or denial of service on the client.
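The check that the summary describes as missing, written out as an added C example. This is not FreeRDP's code: the struct layouts, the 32 bpp surface, the destLeft/destTop offsets and the function names are assumptions chosen to illustrate the pattern; only the bmp.width/bmp.height field names come from the advisory. The weak check is shown beside the hardened one so that a reviewer can recognise both: a size test done in 32-bit arithmetic that ignores where the bitmap lands on the surface, versus a test that bounds the whole rectangle against the desktop and does its multiplication in 64 bits.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical, simplified command layout (not FreeRDP's real structures).
 * bmp.width / bmp.height follow the advisory; destLeft / destTop are an assumption. */
typedef struct { uint32_t width; uint32_t height; } bitmap_hdr;
typedef struct { uint32_t destLeft; uint32_t destTop; bitmap_hdr bmp; } surface_bits_cmd;

/* Destination (desktop) surface, assumed 32 bpp: size == width * height * 4 bytes. */
typedef struct { uint32_t width; uint32_t height; size_t size; uint8_t *pixels; } surface;

#define BYTES_PER_PIXEL 4u

/* Weak check: trusts the server's dimensions, multiplies in 32-bit arithmetic that can
 * wrap, and ignores where on the surface the bitmap lands. The pattern to avoid. */
bool naive_size_ok(const surface *dst, const surface_bits_cmd *cmd)
{
    uint32_t need = cmd->bmp.width * cmd->bmp.height * BYTES_PER_PIXEL; /* may wrap to a small value */
    return need <= dst->size;
}

/* Hardened check: the whole rectangle must lie inside the desktop surface, and the
 * byte count is computed in 64 bits so no product can wrap. */
bool surface_bits_fits(const surface *dst, const surface_bits_cmd *cmd)
{
    if (cmd->bmp.width == 0 || cmd->bmp.height == 0)
        return false;
    uint64_t right  = (uint64_t)cmd->destLeft + cmd->bmp.width;
    uint64_t bottom = (uint64_t)cmd->destTop  + cmd->bmp.height;
    if (right > dst->width || bottom > dst->height)
        return false;
    uint64_t need = (uint64_t)cmd->bmp.width * cmd->bmp.height * BYTES_PER_PIXEL;
    return need <= dst->size;
}

/* Copies decoded pixel rows into the surface only after the hardened check passes and
 * the decoder really produced as many bytes as the header claims.
 * Returns 0 on success, -1 if the command is rejected. */
int apply_surface_bits(surface *dst, const surface_bits_cmd *cmd,
                       const uint8_t *decoded, size_t decoded_len)
{
    if (!surface_bits_fits(dst, cmd))
        return -1;
    size_t row_bytes = (size_t)cmd->bmp.width * BYTES_PER_PIXEL;
    if (decoded_len < row_bytes * cmd->bmp.height)
        return -1;
    for (uint32_t y = 0; y < cmd->bmp.height; y++) {
        size_t dst_off = ((size_t)(cmd->destTop + y) * dst->width + cmd->destLeft) * BYTES_PER_PIXEL;
        memcpy(dst->pixels + dst_off, decoded + (size_t)y * row_bytes, row_bytes);
    }
    return 0;
}

/* Allocate a zeroed desktop surface (constructed test fixture). */
surface make_surface(uint32_t w, uint32_t h)
{
    surface s = { w, h, (size_t)w * h * BYTES_PER_PIXEL, NULL };
    s.pixels = calloc(s.size, 1);
    return s;
}

/* Self-check: paint a 16x16 block at (8,4) on a 64x48 desktop and confirm the copy
 * filled exactly that rectangle and nothing outside it. Returns 1 on success. */
int check_apply_at_offset(void)
{
    surface desk = make_surface(64, 48);
    surface_bits_cmd cmd = { 8, 4, { 16, 16 } };
    uint8_t decoded[16 * 16 * BYTES_PER_PIXEL];
    memset(decoded, 0xAB, sizeof decoded);
    int rc = apply_surface_bits(&desk, &cmd, decoded, sizeof decoded);
    int ok = rc == 0
          && desk.pixels[(4 * 64 + 8) * BYTES_PER_PIXEL] == 0xAB     /* top-left of rectangle */
          && desk.pixels[(19 * 64 + 23) * BYTES_PER_PIXEL] == 0xAB   /* bottom-right of rectangle */
          && desk.pixels[(4 * 64 + 7) * BYTES_PER_PIXEL] == 0        /* just left of it untouched */
          && desk.pixels[(20 * 64 + 8) * BYTES_PER_PIXEL] == 0;      /* row below untouched */
    free(desk.pixels);
    return ok;
}

int main(void)
{
    surface desk = make_surface(64, 48);
    surface_bits_cmd good = { 0, 0, { 16, 16 } };             /* fits */
    surface_bits_cmd tall = { 0, 0, { 64, 49 } };             /* one row taller than the desktop */
    surface_bits_cmd wrap = { 0, 0, { 0x10000, 0x10000 } };   /* 32-bit product wraps to 0 */
    printf("good: naive=%d fits=%d\n", naive_size_ok(&desk, &good), surface_bits_fits(&desk, &good));
    printf("tall: naive=%d fits=%d\n", naive_size_ok(&desk, &tall), surface_bits_fits(&desk, &tall));
    printf("wrap: naive=%d fits=%d\n", naive_size_ok(&desk, &wrap), surface_bits_fits(&desk, &wrap));
    printf("offset copy ok=%d\n", check_apply_at_offset());
    free(desk.pixels);
    return 0;
}
```

The "wrap" case is the one a 32-bit size test gets wrong: 0x10000 * 0x10000 overflows to 0, so the naive check accepts a bitmap that would need 16 GiB, while the hardened check rejects it simply because its right edge is past the desktop. Bounding the rectangle by position as well as by size also catches the quieter case where the bitmap itself is smaller than the desktop but its offset pushes it past the edge.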

Defensive priority

This vulnerability has a high defensive priority due to its critical CVSS score and potential for exploitation. Users of FreeRDP should prioritize upgrading to version 3.24.0 or later to mitigate this vulnerability.

Recommended defensive actions

  • Upgrade to version 3.24.0 or later of FreeRDP
  • Ensure all instances of FreeRDP are updated
  • Be cautious when connecting to remote desktops, especially those from untrusted sources
  • Monitor for suspicious activity on remote desktops
  • Implement additional security measures, such as network segmentation and access controls

Evidence notes

The vulnerability is documented in the CVE-2026-31806 record and the NVD detail page. The fix is available in version 3.24.0 of FreeRDP. Users should consult the FreeRDP documentation and security advisories for more information on mitigating this vulnerability.

Official resources

This article is AI-assisted and based on the supplied source corpus.