8.8

FreeRDP: Remote Code Execution on Windows Machines

RLSA-2026:6005
Summary

A security update is available for FreeRDP, software that allows remote access to Windows machines. If it is not updated, hackers could potentially take control of your Windows machine through a remote connection. Update your FreeRDP software to the latest version to protect your system.

What to do
  • Update freerdp to version 2:2.11.7-4.el8_10.
Affected software
Vendor | Product | Affected versions | Fix available
– | freerdp | <= 2:2.11.7-4.el8_10 | 2:2.11.7-4.el8_10
Original title
Important: freerdp security update
Original description
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox.

Security Fix(es):

* freerdp: FreeRDP: Arbitrary code execution via heap out-of-bounds write in RLE planar decode path (CVE-2026-26965)

* freerdp: FreeRDP: Arbitrary code execution via heap buffer overflow in GDI surface pipeline (CVE-2026-26955)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
osv CVSS3.1 8.8
Published: 7 Apr 2026 · Updated: 7 Apr 2026 · First seen: 7 Apr 2026