Integer Underflow Vulnerability in FreeRDP Remote Desktop Protocol Implementation
CVE-2026-29776
3.1 LOW
What is CVE-2026-29776?
FreeRDP, an open-source implementation of the Remote Desktop Protocol, contains an integer underflow vulnerability in the update_read_cache_bitmap_order function of its core library. In certain scenarios an attacker may be able to exploit affected systems, leading to unexpected behavior or access issues. The vulnerability is addressed in version 3.24.0, which introduces proper validations. Users are strongly encouraged to update to the latest version to mitigate the risks associated with this vulnerability.
Affected Version(s)
FreeRDP < 3.24.0
