Microsoft Windows Remote Desktop Server Can Be Hacked
SUSE-SU-2026:1398-1
Summary
FreeRDP, a tool for remote desktop connections, has security updates to prevent hackers from taking control of your server or executing malicious code. This update is important if you use remote desktop connections for work or business. Update your software as soon as possible to stay secure.
What to do
- Update freerdp to version 3.10.3-150700.3.9.1.
Affected software
| Ecosystem | Vendor | Product | Affected versions |
|---|---|---|---|
| SUSE:Linux Enterprise Module for Package Hub 15 SP7 | – | freerdp | < 3.10.3-150700.3.9.1. Fix: upgrade to 3.10.3-150700.3.9.1 |
| SUSE:Linux Enterprise Workstation Extension 15 SP7 | – | freerdp | < 3.10.3-150700.3.9.1. Fix: upgrade to 3.10.3-150700.3.9.1 |
Original title
Security update for freerdp
Original description
This update for freerdp fixes the following issues:
Security fixes:
- CVE-2026-26271: Buffer Overread in FreeRDP Icon Processing (bsc#1258979).
- CVE-2026-26955: Out-of-bounds Write in freerdp (bsc#1258982).
- CVE-2026-26965: Out-of-bounds Write in freerdp (bsc#1258985).
- CVE-2026-31806: improper validation of server messages can lead to a heap buffer overflow and arbitrary code execution (bsc#1259653).
- CVE-2026-31883: crafted RDPSND audio format and wave data can cause a heap buffer overflow write (bsc#1259679).
- CVE-2026-31885: unchecked predictor can lead to an out-of-bounds read (bsc#1259686).
Other changes for freerdp:
- Check the channel pointer before reset, avoiding subtle crash (bsc#1261848)
- https://www.suse.com/support/update/announcement/2026/suse-su-20261398-1/ Vendor Advisory
- https://bugzilla.suse.com/1258979 Third Party Advisory
- https://bugzilla.suse.com/1258982 Third Party Advisory
- https://bugzilla.suse.com/1258985 Third Party Advisory
- https://bugzilla.suse.com/1259653 Third Party Advisory
- https://bugzilla.suse.com/1259679 Third Party Advisory
- https://bugzilla.suse.com/1259686 Third Party Advisory
- https://bugzilla.suse.com/1261848 Third Party Advisory
- https://www.suse.com/security/cve/CVE-2026-24491 URL
- https://www.suse.com/security/cve/CVE-2026-26271 URL
- https://www.suse.com/security/cve/CVE-2026-26955 URL
- https://www.suse.com/security/cve/CVE-2026-26965 URL
- https://www.suse.com/security/cve/CVE-2026-31806 URL
- https://www.suse.com/security/cve/CVE-2026-31883 URL
- https://www.suse.com/security/cve/CVE-2026-31885 URL
Published: 16 Apr 2026 · Updated: 17 Apr 2026 · First seen: 17 Apr 2026