Heap Out-of-Bounds Write in FreeRDP Before Version 3.27.1
CVE-2026-55827
7.5HIGH
What is CVE-2026-55827?
A vulnerability was identified in FreeRDP, where clients using the /cache:codec:rfx option before version 3.27.1 could trigger a heap out-of-bounds write. This occurred because the application improperly handled bitmap data when decoding Cache Bitmap V3 data, allowing an attacker to exploit this flaw by manipulating RDP server responses. Users are advised to update to version 3.27.1 to mitigate any potential risks.
Affected Version(s)
FreeRDP < 3.27.1
