CVE Catalog

CVE-2026-22855

CriticalCVSS 9.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Elevated risk
0.76%

51th percentile - higher than 51% of all known CVEs

Summary

In FreeRDP prior to 3.20.1, a heap out-of-bounds read vulnerability exists in the smartcard SetAttrib path when cbAttrLen does not match the actual NDR buffer length.

Risk Assessment

An attacker could exploit this vulnerability to read sensitive memory data or cause a denial of service in the RDP service, compromising system integrity and confidentiality.

Recommendation

Immediately update FreeRDP to version 3.20.1 or later, which includes a fix for this vulnerability.

Original NVD description (English source)

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap out-of-bounds read occurs in the smartcard SetAttrib path when cbAttrLen does not match the actual NDR buffer length. This vulnerability is fixed in 3.20.1.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS