CVE Catalog

CVE-2026-22853

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.66%

47th percentile - higher than 47% of all known CVEs

Summary

In FreeRDP prior to version 3.20.1, the RDPEAR NDR array reader does not perform bounds checking on the on-wire element count and can write past the heap buffer allocated from hints, causing a heap buffer overflow in ndr_read_uint8Array.

Risk Assessment

An attacker can remotely exploit this vulnerability to cause a heap buffer overflow, potentially leading to arbitrary code execution or RDP service crash, compromising system confidentiality and availability.

Recommendation

Immediately upgrade FreeRDP to version 3.20.1 or later, which includes a fix for this vulnerability.

Original NVD description (English source)

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, RDPEAR’s NDR array reader does not perform bounds checking on the on‑wire element count and can write past the heap buffer allocated from hints, causing a heap buffer overflow in ndr_read_uint8Array. This vulnerability is fixed in 3.20.1.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS