Heap Buffer Overflow in FreeRDP Remote Desktop Clients
CVE-2026-26955

8.8HIGH

Key Information:

Vendor: Freerdp
Status: Freerdp
Vendor: CVE Published:; 25 February 2026

What is CVE-2026-26955?

FreeRDP, a free implementation of the Remote Desktop Protocol, is susceptible to a heap buffer overflow vulnerability that could be triggered by a malicious RDP server. Attackers can exploit this weakness by sending an invalid RDPGFX ClearCodec surface command containing an out-of-bounds destination rectangle to unpatched clients. This oversight in the gdi_SurfaceCommand_ClearCodec() function allows for out-of-bounds writes, which can corrupt adjacent memory structures, leading to potential remote code execution. Users are urged to upgrade to version 3.23.0 or later to mitigate the risks associated with this vulnerability.

Affected Version(s)

FreeRDP < 3.23.0

References

https://github.com/FreeRDP/FreeRDP/security/advisories/GH...

x_refsource_CONFIRM

https://github.com/FreeRDP/FreeRDP/commit/7d8fdce2d0ef337...

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 25, 2026
Vulnerability Reserved
Feb 16, 2026

CVE-2026-26955 Data

JSON

Freerdp

What is CVE-2026-26955?

Affected Version(s)

References

CVSS V3.1

Timeline