Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.
5.5

FreeRDP Remote Desktop Protocol Implementation: Pointer Dangling on Disconnect

CVE-2026-26986
Summary

FreeRDP users should update to version 3.23.0 or later to prevent potential crashes or data corruption when disconnecting from a remote session. This issue affects older versions of FreeRDP used for remote desktop connections. Update your software to the latest version to remain secure.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software
VendorProductAffected versionsFix available
freerdp freerdp <= 3.23.0 –
Original title
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `rail_window_free` dereferences a freed `xfAppWindow` pointer during `HashTable_Free` cleanup because `xf_r...
Original description
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `rail_window_free` dereferences a freed `xfAppWindow` pointer during `HashTable_Free` cleanup because `xf_rail_window_common` calls `free(appWindow)` on title allocation failure without first removing the entry from the `railWindows` hash table, leaving a dangling pointer that is freed again on disconnect. Version 3.23.0 fixes the vulnerability.
nvd CVSS3.1 7.5
nvd CVSS4.0 5.5
Vulnerability type
CWE-416 Use After Free
Published: 25 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026