FreeRDP: Remote Code Execution and Denial of Service Risk

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

7.5

FreeRDP: Remote Code Execution and Denial of Service Risk

RLSA-2026:8457

Summary

FreeRDP, a tool for connecting to remote desktops, has a security weakness that could allow hackers to inject malicious code or crash the connection. This could happen if a hacker sends a specially crafted message to the remote desktop. To stay safe, update your FreeRDP software as soon as possible to fix this issue.

What to do

Update freerdp to version 2:2.11.7-1.el9_7.6.

Affected software

Ecosystem	Vendor	Product	Affected versions
Rocky Linux:9	–	freerdp	< 2:2.11.7-1.el9_7.6 Fix: upgrade to 2:2.11.7-1.el9_7.6

Original title

Important: freerdp security update

Original description

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox.

Security Fix(es):

* FreeRDP: FreeRDP: Heap buffer overflow allows arbitrary code execution via crafted pixel data (CVE-2026-33984)

* FreeRDP: FreeRDP: Denial of Service via specially crafted Remote Desktop Protocol messages (CVE-2026-33983)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

osv CVSS3.1 7.5

https://errata.rockylinux.org/RLSA-2026:8457 Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2453219 Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2453220 Third Party Advisory

Published: 19 Apr 2026 · Updated: 19 Apr 2026 · First seen: 19 Apr 2026