Heap Buffer Overflow in FreeRDP for Remote Desktop Protocol
CVE-2026-31806
9.3 CRITICAL
What is CVE-2026-31806?
FreeRDP, an open-source implementation of the Remote Desktop Protocol, has a vulnerability affecting versions prior to 3.24.0. The gdi_surface_bits() function does not validate the bmp.width and bmp.height values supplied by a malicious RDP server against the expected dimensions of the desktop. Because of this missing bounds check, bitmap decoding and the subsequent memory operations can write past the end of a heap buffer. A malicious server that crafts specific pixel data could use this to overwrite adjacent heap memory in the connecting client. The issue is resolved in version 3.24.0.
Affected Version(s)
FreeRDP < 3.24.0
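As a defensive illustration of the kind of check the advisory says was missing, the following is an added example (not FreeRDP's code; the struct layouts and the function name are hypothetical): a server-supplied surface-bits rectangle is accepted only if it lies entirely within the desktop and its pixel payload covers the claimed width, height and depth, with every size computation guarded against integer overflow.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical stand-in for the client's view of the desktop surface. */
typedef struct {
    uint32_t desktop_width;
    uint32_t desktop_height;
} DesktopInfo;

/* Hypothetical stand-in for the fields a server sends in a surface-bits
 * update. All of these values are attacker-controlled from the client's
 * point of view and must not be trusted. */
typedef struct {
    uint32_t dest_left, dest_top;  /* where the server wants the update placed */
    uint32_t width, height;        /* bitmap dimensions claimed by the server */
    uint32_t bpp;                  /* bits per pixel claimed by the server */
    size_t   data_len;             /* bytes of pixel data actually received */
} SurfaceBits;

/* Returns true only when the claimed bitmap fits inside the desktop and the
 * received payload is large enough for width * height * bytes_per_pixel. */
bool surface_bits_dims_ok(const SurfaceBits *sb, const DesktopInfo *d)
{
    if (sb->width == 0 || sb->height == 0)
        return false;
    if (sb->bpp != 16 && sb->bpp != 24 && sb->bpp != 32)
        return false;

    /* Rectangle containment, written so the subtraction cannot underflow:
     * check the origin first, then compare against the remaining space. */
    if (sb->dest_left > d->desktop_width ||
        sb->width > d->desktop_width - sb->dest_left)
        return false;
    if (sb->dest_top > d->desktop_height ||
        sb->height > d->desktop_height - sb->dest_top)
        return false;

    /* width * height always fits in 64 bits (both are 32-bit); the multiply
     * by bytes-per-pixel is checked against SIZE_MAX before it is trusted. */
    uint64_t bytes_pp = sb->bpp / 8;
    uint64_t pixels = (uint64_t)sb->width * (uint64_t)sb->height;
    if (pixels > SIZE_MAX / bytes_pp)
        return false;
    size_t needed = (size_t)(pixels * bytes_pp);

    /* Decoding must never read beyond the bytes that were actually received. */
    return sb->data_len >= needed;
}
```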
