Off-by-One Vulnerability in FreeRDP Remote Desktop Protocol Implementation
CVE-2026-40254

CVSS 4.2 MEDIUM

Key Information:

Vendor: FreeRDP

Status: Vendor

CVE Published: 24 April 2026

What is CVE-2026-40254?

FreeRDP, a widely used implementation of the Remote Desktop Protocol, has an off-by-one vulnerability in its path traversal filter. Versions before 3.25.0 contain a flaw in the contains_dotdot() function that leaves the path traversal check incomplete. A malicious RDP server can exploit this to gain unauthorized access to files one directory above the client's shared folder when a user connects with drive redirection enabled. Upgrading to version 3.25.0 is required to close this issue and protect the redirected data.
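A component-wise ".." check of the kind a drive-redirection path filter needs, written as an added example for this entry; it is not FreeRDP's contains_dotdot() and does not reproduce the actual defect. It exercises the string boundaries (a leading ".." and a trailing ".." with no separator after it) where an off-by-one in such a filter typically shows up; the sample paths are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Added example, not FreeRDP code. Both '/' and '\\' count as separators
 * because redirected-drive paths arrive in Windows form. */
static bool is_sep(char c)
{
    return c == '/' || c == '\\';
}

/* Return true if any path component is exactly "..". The scan works per
 * component, so ".." at the start, in the middle, or at the very end of
 * the string (no trailing separator) is handled identically, and names
 * such as "..hidden" or "..." are not mistaken for traversal. */
bool path_has_dotdot(const char *path)
{
    if (path == NULL)
        return false;
    const char *p = path;
    while (*p) {
        while (*p && is_sep(*p))        /* skip one or more separators */
            p++;
        const char *start = p;
        while (*p && !is_sep(*p))       /* walk to the end of the component */
            p++;
        size_t len = (size_t)(p - start);
        if (len == 2 && start[0] == '.' && start[1] == '.')
            return true;
    }
    return false;
}

int main(void)
{
    /* constructed sample paths, as a server-supplied name might look */
    const char *samples[] = { "docs\\report.txt", "..", "docs\\..",
                              "docs/../secret.txt", "..hidden", "a\\...\\b" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-22s -> %s\n", samples[i],
               path_has_dotdot(samples[i]) ? "REJECT" : "allow");
    return 0;
}
```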

Affected Version(s)

FreeRDP < 3.25.0

CVSS V3.1

Score: 4.2
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability reserved