Heap Buffer Overflow in FreeRDP Client Due to Malicious RDP Server
CVE-2026-44421

8.8HIGH

Key Information:

Vendor: Freerdp
Status: Freerdp
Vendor: CVE Published:; 29 May 2026

What is CVE-2026-44421?

FreeRDP, a widely-used free implementation of the Remote Desktop Protocol, is susceptible to a heap buffer overflow vulnerability. This issue allows a malicious RDP server to exploit the FreeRDP client by sending crafted RDPGFX PDUs, potentially leading to out-of-bounds heap writes. Specifically, the vulnerability lies in the gdi_CacheToSurface function, which improperly validates a destination rectangle but proceeds with an unsafe copy operation based on the original width and height values. As a result, this can result in client crashes or unauthorized code execution when RDPGFX is enabled. It is crucial for users to update to version 3.26.0 or later to mitigate this risk.

Affected Version(s)

FreeRDP < 3.26.0

References

https://github.com/FreeRDP/FreeRDP/security/advisories/GH...

x_refsource_CONFIRM

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 29, 2026
Vulnerability Reserved
May 6, 2026

CVE-2026-44421 Data

JSON

Freerdp

What is CVE-2026-44421?

Affected Version(s)

References

CVSS V3.1

Timeline