CVE Catalog

CVE-2026-44420

HighCVSS 8.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

High risk
3.47%

88th percentile - higher than 88% of all known CVEs

Summary

In FreeRDP prior to 3.26.0, a heap-buffer-overflow write vulnerability exists in the server-side clipboard (cliprdr) channel. A malicious RDP client can send a CB_CLIP_CAPS PDU with an undersized capabilitySetLength, causing a write beyond allocated heap memory.

Risk Assessment

This can crash the server process (remote DoS) and may be exploitable for arbitrary code execution due to heap memory corruption, posing a serious risk to system availability and integrity.

Recommendation

Upgrade FreeRDP to version 3.26.0 or later immediately, as it contains the fix for this vulnerability.

Original NVD description (English source)

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP client can trigger a heap-buffer-overflow write in FreeRDP's server-side clipboard (cliprdr) channel by sending a CB_CLIP_CAPS PDU with a too-small capabilitySetLength. This can crash the server process (remote DoS) and may be exploitable for code execution because it corrupts heap memory. This vulnerability is fixed in 3.26.0.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS