CVE-2026-22855

EUVD-2026-2672
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap out-of-bounds read occurs in the smartcard SetAttrib path when cbAttrLen does not match the actual NDR buffer length. This vulnerability is fixed in 3.20.1.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.1 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 50%
Affected Products (NVD)
VendorProductVersion
freerdpfreerdp
𝑥
< 3.20.1
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
Red HatRed Hat Enterprise Linux 10
2:3.10.3-12.el10_2.2 ≤
𝑥
< *
ADP
Red HatRed Hat Enterprise Linux 10
2:3.10.3-5.el10_1.2 ≤
𝑥
< *
ADP
Red HatRed Hat Enterprise Linux 10.0 Extended Update Support
2:3.10.3-3.el10_0.2 ≤
𝑥
< *
ADP
Red HatRed Hat Enterprise Linux 7 Extended Lifecycle Support
0:2.1.1-5.el7_9.2 ≤
𝑥
< *
ADP
Red HatRed Hat Enterprise Linux 8
2:2.11.7-3.el8_10 ≤
𝑥
< *
ADP
Red HatRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
2:2.2.0-8.el8_4 ≤
𝑥
< *
ADP
Red HatRed Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On
2:2.2.0-8.el8_4 ≤
𝑥
< *
ADP
Red HatRed Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
2:2.2.0-7.el8_6.2 ≤
𝑥
< *
ADP
Red HatRed Hat Enterprise Linux 8.6 Telecommunications Update Service
2:2.2.0-7.el8_6.2 ≤
𝑥
< *
ADP
Red HatRed Hat Enterprise Linux 8.6 Update Services for SAP Solutions
2:2.2.0-7.el8_6.2 ≤
𝑥
< *
ADP
Red HatRed Hat Enterprise Linux 8.8 Telecommunications Update Service
2:2.2.0-12.el8_8.2 ≤
𝑥
< *
ADP
Red HatRed Hat Enterprise Linux 8.8 Update Services for SAP Solutions
2:2.2.0-12.el8_8.2 ≤
𝑥
< *
ADP
Red HatRed Hat Enterprise Linux 9
2:2.11.7-1.el9_7.2 ≤
𝑥
< *
ADP
Red HatRed Hat Enterprise Linux 9.0 Update Services for SAP Solutions
2:2.4.1-3.el9_0.1 ≤
𝑥
< *
ADP
Red HatRed Hat Enterprise Linux 9.2 Update Services for SAP Solutions
2:2.4.1-6.el9_2.3 ≤
𝑥
< *
ADP
Red HatRed Hat Enterprise Linux 9.4 Extended Update Support
2:2.11.2-1.el9_4.2 ≤
𝑥
< *
ADP
Red HatRed Hat Enterprise Linux 9.6 Extended Update Support
2:2.11.7-1.el9_6.2 ≤
𝑥
< *
ADP
Debian logo
Debian Releases
Debian Product
Codename
freerdp2
bookworm
no-dsa
bullseye
vulnerable
bullseye (security)
vulnerable
freerdp3
forky
3.27.0+dfsg-1
fixed
sid
3.28.0+dfsg-2
fixed
trixie
3.15.0+dfsg-2.1+deb13u3
fixed
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
freerdp
suse enterprise desktop 15 SP7
3.10.3-150700.3.3.1
fixed
suse enterprise sap 15 SP7
3.10.3-150700.3.3.1
fixed
suse enterprise server 15 SP7
3.10.3-150700.3.3.1
fixed
suse enterprise workstation 15 SP7
3.10.3-150700.3.3.1
fixed
freerdp-devel
suse enterprise desktop 15 SP7
3.10.3-150700.3.3.1
fixed
suse enterprise sap 15 SP7
3.10.3-150700.3.3.1
fixed
suse enterprise server 12 SP5
2.1.2-12.57.1
fixed
suse enterprise server 15 SP7
3.10.3-150700.3.3.1
fixed
suse enterprise workstation 15 SP7
3.10.3-150700.3.3.1
fixed
freerdp-proxy
suse enterprise desktop 15 SP7
3.10.3-150700.3.3.1
fixed
suse enterprise sap 15 SP7
3.10.3-150700.3.3.1
fixed
suse enterprise server 15 SP7
3.10.3-150700.3.3.1
fixed
suse enterprise workstation 15 SP7
3.10.3-150700.3.3.1
fixed
freerdp-proxy-plugins
suse enterprise desktop 15 SP7
3.10.3-150700.3.3.1
fixed
suse enterprise sap 15 SP7
3.10.3-150700.3.3.1
fixed
suse enterprise server 15 SP7
3.10.3-150700.3.3.1
fixed
suse enterprise workstation 15 SP7
3.10.3-150700.3.3.1
fixed
freerdp-sdl
suse enterprise desktop 15 SP7
3.10.3-150700.3.3.1
fixed
suse enterprise sap 15 SP7
3.10.3-150700.3.3.1
fixed
suse enterprise server 15 SP7
3.10.3-150700.3.3.1
fixed
suse enterprise workstation 15 SP7
3.10.3-150700.3.3.1
fixed
freerdp-server
suse enterprise desktop 15 SP7
3.10.3-150700.3.3.1
fixed
suse enterprise sap 15 SP7
3.10.3-150700.3.3.1
fixed
suse enterprise server 15 SP7
3.10.3-150700.3.3.1
fixed
suse enterprise workstation 15 SP7
3.10.3-150700.3.3.1
fixed
freerdp2
suse enterprise desktop 15 SP7
2.11.7-150700.3.8.1
fixed
suse enterprise sap 15 SP7
2.11.7-150700.3.8.1
fixed
suse enterprise server 15 SP7
2.11.7-150700.3.8.1
fixed
suse enterprise workstation 15 SP7
2.11.7-150700.3.8.1
fixed
freerdp2-devel
suse enterprise desktop 15 SP7
2.11.7-150700.3.8.1
fixed
suse enterprise sap 15 SP7
2.11.7-150700.3.8.1
fixed
suse enterprise server 15 SP7
2.11.7-150700.3.8.1
fixed
suse enterprise workstation 15 SP7
2.11.7-150700.3.8.1
fixed
freerdp2-proxy
suse enterprise desktop 15 SP7
2.11.7-150700.3.8.1
fixed
suse enterprise sap 15 SP7
2.11.7-150700.3.8.1
fixed
suse enterprise server 15 SP7
2.11.7-150700.3.8.1
fixed
suse enterprise workstation 15 SP7
2.11.7-150700.3.8.1
fixed
freerdp2-server
suse enterprise desktop 15 SP7
2.11.7-150700.3.8.1
fixed
suse enterprise sap 15 SP7
2.11.7-150700.3.8.1
fixed
suse enterprise server 15 SP7
2.11.7-150700.3.8.1
fixed
suse enterprise workstation 15 SP7
2.11.7-150700.3.8.1
fixed
libfreerdp-server-proxy3-3
suse enterprise desktop 15 SP7
3.10.3-150700.3.3.1
fixed
suse enterprise sap 15 SP7
3.10.3-150700.3.3.1
fixed
suse enterprise server 15 SP7
3.10.3-150700.3.3.1
fixed
suse enterprise workstation 15 SP7
3.10.3-150700.3.3.1
fixed
libfreerdp2-2
suse enterprise desktop 15 SP7
2.11.7-150700.3.8.1
fixed
suse enterprise sap 15 SP7
2.11.7-150700.3.8.1
fixed
suse enterprise server 15 SP7
2.11.7-150700.3.8.1
fixed
suse enterprise workstation 15 SP7
2.11.7-150700.3.8.1
fixed
libfreerdp3-3
suse enterprise desktop 15 SP7
3.10.3-150700.3.3.1
fixed
suse enterprise sap 15 SP7
3.10.3-150700.3.3.1
fixed
suse enterprise server 15 SP7
3.10.3-150700.3.3.1
fixed
suse enterprise workstation 15 SP7
3.10.3-150700.3.3.1
fixed
librdtk0-0
suse enterprise desktop 15 SP7
3.10.3-150700.3.3.1
fixed
suse enterprise sap 15 SP7
3.10.3-150700.3.3.1
fixed
suse enterprise server 15 SP7
3.10.3-150700.3.3.1
fixed
suse enterprise workstation 15 SP7
3.10.3-150700.3.3.1
fixed
libwinpr2-2
suse enterprise desktop 15 SP7
2.11.7-150700.3.8.1
fixed
suse enterprise sap 15 SP7
2.11.7-150700.3.8.1
fixed
suse enterprise server 15 SP7
2.11.7-150700.3.8.1
fixed
suse enterprise workstation 15 SP7
2.11.7-150700.3.8.1
fixed
libwinpr3-3
suse enterprise desktop 15 SP7
3.10.3-150700.3.3.1
fixed
suse enterprise sap 15 SP7
3.10.3-150700.3.3.1
fixed
suse enterprise server 15 SP7
3.10.3-150700.3.3.1
fixed
suse enterprise workstation 15 SP7
3.10.3-150700.3.3.1
fixed
winpr-devel
suse enterprise desktop 15 SP7
3.10.3-150700.3.3.1
fixed
suse enterprise sap 15 SP7
3.10.3-150700.3.3.1
fixed
suse enterprise server 15 SP7
3.10.3-150700.3.3.1
fixed
suse enterprise workstation 15 SP7
3.10.3-150700.3.3.1
fixed
winpr2-devel
suse enterprise desktop 15 SP7
2.11.7-150700.3.8.1
fixed
suse enterprise sap 15 SP7
2.11.7-150700.3.8.1
fixed
suse enterprise server 12 SP5
2.1.2-12.57.1
fixed
suse enterprise server 15 SP7
2.11.7-150700.3.8.1
fixed
suse enterprise workstation 15 SP7
2.11.7-150700.3.8.1
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
freerdp
RHEL 8
2:2.11.7-3.el8_10
fixed
RHEL 8.4 AUS
2:2.2.0-8.el8_4
fixed
RHEL 8.6 AUS
2:2.2.0-7.el8_6.2
fixed
RHEL 8.6 E4S
2:2.2.0-7.el8_6.2
fixed
RHEL 8.6 TUS
2:2.2.0-7.el8_6.2
fixed
RHEL 8.8 E4S
2:2.2.0-12.el8_8.2
fixed
RHEL 8.8 TUS
2:2.2.0-12.el8_8.2
fixed
RHEL 9
2:2.11.7-1.el9_7.2
fixed
freerdp-devel
RHEL 8
2:2.11.7-3.el8_10
fixed
RHEL 9
2:2.11.7-1.el9_7.2
fixed
freerdp-libs
RHEL 8
2:2.11.7-3.el8_10
fixed
RHEL 8.4 AUS
2:2.2.0-8.el8_4
fixed
RHEL 8.6 AUS
2:2.2.0-7.el8_6.2
fixed
RHEL 8.6 E4S
2:2.2.0-7.el8_6.2
fixed
RHEL 8.6 TUS
2:2.2.0-7.el8_6.2
fixed
RHEL 8.8 E4S
2:2.2.0-12.el8_8.2
fixed
RHEL 8.8 TUS
2:2.2.0-12.el8_8.2
fixed
RHEL 9
2:2.11.7-1.el9_7.2
fixed
libwinpr
RHEL 8
2:2.11.7-3.el8_10
fixed
RHEL 8.4 AUS
2:2.2.0-8.el8_4
fixed
RHEL 8.6 AUS
2:2.2.0-7.el8_6.2
fixed
RHEL 8.6 E4S
2:2.2.0-7.el8_6.2
fixed
RHEL 8.6 TUS
2:2.2.0-7.el8_6.2
fixed
RHEL 8.8 E4S
2:2.2.0-12.el8_8.2
fixed
RHEL 8.8 TUS
2:2.2.0-12.el8_8.2
fixed
RHEL 9
2:2.11.7-1.el9_7.2
fixed
libwinpr-devel
RHEL 8
2:2.11.7-3.el8_10
fixed
RHEL 8.4 AUS
2:2.2.0-8.el8_4
fixed
RHEL 8.6 AUS
2:2.2.0-7.el8_6.2
fixed
RHEL 8.6 E4S
2:2.2.0-7.el8_6.2
fixed
RHEL 8.6 TUS
2:2.2.0-7.el8_6.2
fixed
RHEL 8.8 E4S
2:2.2.0-12.el8_8.2
fixed
RHEL 8.8 TUS
2:2.2.0-12.el8_8.2
fixed
RHEL 9
2:2.11.7-1.el9_7.2
fixed
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
freerdp
Amazon Linux 2
2:2.11.7-1.amzn2.0.4
fixed
Amazon Linux 2023
2:3.6.3-1.amzn2023.0.3
fixed
freerdp-debuginfo
Amazon Linux 2
2:2.11.7-1.amzn2.0.4
fixed
Amazon Linux 2023
2:3.6.3-1.amzn2023.0.3
fixed
freerdp-debugsource
Amazon Linux 2023
2:3.6.3-1.amzn2023.0.3
fixed
freerdp-devel
Amazon Linux 2
2:2.11.7-1.amzn2.0.4
fixed
Amazon Linux 2023
2:3.6.3-1.amzn2023.0.3
fixed
freerdp-libs
Amazon Linux 2
2:2.11.7-1.amzn2.0.4
fixed
Amazon Linux 2023
2:3.6.3-1.amzn2023.0.3
fixed
freerdp-libs-debuginfo
Amazon Linux 2023
2:3.6.3-1.amzn2023.0.3
fixed
freerdp-server
Amazon Linux 2023
2:3.6.3-1.amzn2023.0.3
fixed
freerdp-server-debuginfo
Amazon Linux 2023
2:3.6.3-1.amzn2023.0.3
fixed
libwinpr
Amazon Linux 2
2:2.11.7-1.amzn2.0.4
fixed
Amazon Linux 2023
2:3.6.3-1.amzn2023.0.3
fixed
libwinpr-debuginfo
Amazon Linux 2023
2:3.6.3-1.amzn2023.0.3
fixed
libwinpr-devel
Amazon Linux 2
2:2.11.7-1.amzn2.0.4
fixed
Amazon Linux 2023
2:3.6.3-1.amzn2023.0.3
fixed