Heap-Based Buffer Overflow in NeutrinoRDP Module of xrdp by Neutrino Labs
CVE-2026-32623

7.7HIGH

Key Information:

Vendor: Neutrinolabs
Status: Xrdp
Vendor: CVE Published:; 17 April 2026

🔔 Create Neutrinolabs Vulnerability Alert

What is CVE-2026-32623?

The NeutrinoRDP module in xrdp is susceptible to a heap-based buffer overflow due to inadequate validation of fragmented virtual channel data size. This vulnerability can occur when proxying RDP sessions, allowing malicious actors to exploit the flaw, potentially resulting in memory corruption and facilitating Denial of Service (DoS) or Remote Code Execution (RCE) attacks. It is important to note that this risk is present only in configurations where the NeutrinoRDP module is explicitly enabled and compiled. Users should take precautionary measures and verify their xrdp setup by checking for --enable-neutrinordp in the command output. The vulnerability has been addressed in version 0.10.6.

Affected Version(s)

xrdp < 0.10.6

References

https://github.com/neutrinolabs/xrdp/security/advisories/...

x_refsource_CONFIRM

https://github.com/neutrinolabs/xrdp/releases/tag/v0.10.6

x_refsource_MISC

CVSS V4

Score:

7.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 17, 2026
Vulnerability Reserved
Mar 12, 2026

CVE-2026-32623 Data

JSON