CVE-2026-22855
CriticalCVSS 9.1Exploitation Probability (EPSS)
Elevated risk51th percentile - higher than 51% of all known CVEs
Summary
In FreeRDP prior to 3.20.1, a heap out-of-bounds read vulnerability exists in the smartcard SetAttrib path when cbAttrLen does not match the actual NDR buffer length.
Risk Assessment
An attacker could exploit this vulnerability to read sensitive memory data or cause a denial of service in the RDP service, compromising system integrity and confidentiality.
Recommendation
Immediately update FreeRDP to version 3.20.1 or later, which includes a fix for this vulnerability.
Original NVD description (English source)
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap out-of-bounds read occurs in the smartcard SetAttrib path when cbAttrLen does not match the actual NDR buffer length. This vulnerability is fixed in 3.20.1.

