Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.5
FreeRDP Remote Desktop Protocol Implementation Out-of-Bounds Read
CVE-2026-25942
Summary
The FreeRDP Remote Desktop Protocol implementation has a bug that can allow an attacker to access sensitive data. This issue is fixed in version 3.23.0, so update FreeRDP to this version or later to protect your system.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| freerdp | freerdp | <= 3.23.0 | – |
Original title
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `xf_rail_server_execute_result` indexes the global `error_code_names[]` array (7 elements, indices 0–6) wit...
Original description
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `xf_rail_server_execute_result` indexes the global `error_code_names[]` array (7 elements, indices 0–6) with an unchecked `execResult->execResult` value received from the server, allowing an out-of-bounds read when the server sends an `execResult` value of 7 or greater. Version 3.23.0 fixes the issue.
nvd CVSS3.1
7.5
nvd CVSS4.0
5.5
Vulnerability type
CWE-125
Out-of-bounds Read
- https://github.com/FreeRDP/FreeRDP/blob/3370e30e92a021eb680892dda14d642bc8b8727c... Patch
- https://github.com/FreeRDP/FreeRDP/blob/3370e30e92a021eb680892dda14d642bc8b8727c... Patch
- https://github.com/FreeRDP/FreeRDP/blob/3370e30e92a021eb680892dda14d642bc8b8727c... Patch
- https://github.com/FreeRDP/FreeRDP/blob/3370e30e92a021eb680892dda14d642bc8b8727c... Patch
- https://github.com/FreeRDP/FreeRDP/commit/9362a0bf8dda04eedbca07d5dfaec1044e67cc... Patch
- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-78q6-67m7-wwf6 Exploit Mitigation Patch Vendor Advisory
Published: 25 Feb 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026