Privilege Escalation in xrdp Server from Neutrinolabs
CVE-2026-32107

8.8 HIGH

Key Information:

CVE Published: 17 April 2026

What is CVE-2026-32107?

The xrdp server, an open-source Remote Desktop Protocol (RDP) solution, has a vulnerability in its session execution component in versions up to 0.10.5. The issue arises from improper handling of errors during the privilege drop process, which could allow an authenticated local attacker to escalate privileges to root. Achieving arbitrary code execution on the affected system requires an additional exploit. Users are advised to upgrade to version 0.10.6, where this vulnerability has been addressed.
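The bug class described above, shown as an added example that is not xrdp code and is not taken from the project's fix: a privilege drop that logs a failure and carries on, beside one that checks every call, verifies the resulting IDs and makes the caller abort. All function names are hypothetical, and the use of the POSIX `setgroups`/`setgid`/`setuid` calls is an assumption about how a session process typically drops privileges.

```c
/* Added illustration of the bug class; generic POSIX code, not xrdp source. */
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Anti-pattern: failures are logged but execution continues, so the
 * caller may keep running with its original (possibly root) identity. */
void drop_logged_only(uid_t uid, gid_t gid)
{
    if (setgid(gid) != 0)
        perror("setgid");
    if (setuid(uid) != 0)
        perror("setuid");
}

/* Returns 1 if real and effective IDs all equal the target, else 0. */
int ids_match(uid_t uid, gid_t gid)
{
    return getuid() == uid && geteuid() == uid &&
           getgid() == gid && getegid() == gid;
}

/* Checked drop: groups, then gid, then uid. Every call is checked and the
 * outcome is verified. Returns 0 on success, -1 on any failure. */
int drop_privileges(uid_t uid, gid_t gid)
{
    /* Only a privileged process can (and needs to) reset the group list. */
    if (geteuid() == 0 && setgroups(1, &gid) != 0)
        return -1;
    if (setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    if (!ids_match(uid, gid))
        return -1;
    /* A non-root target must not be able to get root back. */
    if (uid != 0 && setuid(0) == 0)
        return -1;
    return 0;
}

/* Hypothetical caller: never start the user's session after a failed drop. */
int run_session_as(uid_t uid, gid_t gid)
{
    if (drop_privileges(uid, gid) != 0) {
        fprintf(stderr, "privilege drop failed, refusing to continue\n");
        return -1; /* a real session launcher would _exit() here */
    }
    return 0;      /* placeholder for exec of the session program */
}
```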

Affected Version(s)

xrdp < 0.10.6

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved