Out-of-Bounds Write Vulnerability in FreeRDP Remote Desktop Protocol Implementation
CVE-2026-45700

7.7HIGH

Key Information:

Vendor: Freerdp
Status: Freerdp
Vendor: CVE Published:; 29 May 2026

What is CVE-2026-45700?

FreeRDP, a free implementation of the Remote Desktop Protocol, is vulnerable to an out-of-bounds heap write due to improper validation in its planar bitmap decoder. When processing RLE planar data, the function responsible for decompression allows an attacker to bypass coordinate validation, leading to potential memory corruption. This occurs when the destination coordinate exceeds the expected limits, enabled by large input values. This vulnerability has been addressed in FreeRDP version 3.26.0.

Affected Version(s)

FreeRDP < 3.26.0

References

https://github.com/FreeRDP/FreeRDP/security/advisories/GH...

x_refsource_CONFIRM

CVSS V4

Score:

7.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 29, 2026
Vulnerability Reserved
May 13, 2026

CVE-2026-45700 Data

JSON

Freerdp

What is CVE-2026-45700?

Affected Version(s)

References

CVSS V4

Timeline