VIR Vulnerability Intelligence Relay

CVE-2026-44420

high
Published 2026-05-29 Β· Modified 2026-06-02
πŸ’¬ Discuss on Community ✚ Propose mitigation
CVSS v3
8.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v4 NEW
β€”
not yet in upstream
VIR risk
8.8

Description

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP client can trigger a heap-buffer-overflow write in FreeRDP's server-side clipboard (cliprdr) channel by sending a CB_CLIP_CAPS PDU with a too-small capabilitySetLength. This can crash the server process (remote DoS) and may be exploitable for code execution because it corrupts heap memory. This vulnerability is fixed in 3.26.0.

Predictions

Exploit likelihood
92%
Patch ETA
β€”

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

Mitigation details

Source: Debian Security Tracker Β· View original β†— Β· DFSG

CVE-2026-44420 NameCVE-2026-44420 DescriptionFreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP client can trigger a heap-buffer-overflow write in FreeRDP's server-side clipboard (cliprdr) channel by sending a CB_CLIP_CAPS PDU with a too-small capabilitySetLength. This can crash the server process (remote DoS) and may be exploitable for code…

CVE-2026-44420

NameCVE-2026-44420
DescriptionFreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP client can trigger a heap-buffer-overflow write in FreeRDP's server-side clipboard (cliprdr) channel by sending a CB_CLIP_CAPS PDU with a too-small capabilitySetLength. This can crash the server process (remote DoS) and may be exploitable for code execution because it corrupts heap memory. This vulnerability is fixed in 3.26.0.
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
freerdp2 (PTS)bullseye2.3.0+dfsg1-2+deb11u1vulnerable
bullseye (security)2.3.0+dfsg1-2+deb11u3vulnerable
bookworm2.11.7+dfsg1-6~deb12u1vulnerable
freerdp3 (PTS)trixie3.15.0+dfsg-2.1+deb13u3vulnerable
forky, sid3.26.0+dfsg-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
freerdp2source(unstable)(unfixed)
freerdp3source(unstable)3.26.0+dfsg-1

Notes

https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mvpx-xj7r-3p3r

Home - Debian Security - Source (Git)

Apply commands

text fix
Notes
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mvpx-xj7r-3p3r

OS impact
suse SUSE Affected 1 release
VersionStatusFixed in
β€” Affected β€”
debian Debian Mixed 5 releases
VersionStatusFixed in
trixie Affected β€”
sid Fixed 3.26.0+dfsg-1
forky Fixed 3.26.0+dfsg-1
bullseye Affected β€”
bookworm Affected β€”

Application impact
VendorProductVersionsFixed
freerdpfreerdp{"endExcluding":"3.26.0"}3.26.0

References

CWEs

CWE-122

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.