CVE-2026-44420
HighCVSS 8.8Exploitation Probability (EPSS)
High risk88th percentile - higher than 88% of all known CVEs
Summary
In FreeRDP prior to 3.26.0, a heap-buffer-overflow write vulnerability exists in the server-side clipboard (cliprdr) channel. A malicious RDP client can send a CB_CLIP_CAPS PDU with an undersized capabilitySetLength, causing a write beyond allocated heap memory.
Risk Assessment
This can crash the server process (remote DoS) and may be exploitable for arbitrary code execution due to heap memory corruption, posing a serious risk to system availability and integrity.
Recommendation
Upgrade FreeRDP to version 3.26.0 or later immediately, as it contains the fix for this vulnerability.
Original NVD description (English source)
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP client can trigger a heap-buffer-overflow write in FreeRDP's server-side clipboard (cliprdr) channel by sending a CB_CLIP_CAPS PDU with a too-small capabilitySetLength. This can crash the server process (remote DoS) and may be exploitable for code execution because it corrupts heap memory. This vulnerability is fixed in 3.26.0.

