CVE-2026-24684

EUVD-2026-6491
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, the RDPSND async playback thread can process queued PDUs after the channel is closed and internal state is freed, leading to a use after free in rdpsnd_treat_wave. This vulnerability is fixed in 3.22.0.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 5%
Affected Products (NVD)
VendorProductVersion
freerdpfreerdp
𝑥
< 3.22.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
freerdp2
bookworm
no-dsa
bullseye
vulnerable
bullseye (security)
vulnerable
freerdp3
forky
3.26.0+dfsg-1
fixed
sid
3.26.0+dfsg-1
fixed
trixie
3.15.0+dfsg-2.1+deb13u3
fixed
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
freerdp
suse enterprise desktop 15 SP7
3.10.3-150700.3.6.1
fixed
suse enterprise sap 15 SP7
3.10.3-150700.3.6.1
fixed
suse enterprise server 15 SP7
3.10.3-150700.3.6.1
fixed
suse enterprise workstation 15 SP7
3.10.3-150700.3.6.1
fixed
freerdp-devel
suse enterprise desktop 15 SP7
3.10.3-150700.3.6.1
fixed
suse enterprise sap 15 SP7
3.10.3-150700.3.6.1
fixed
suse enterprise server 12 SP5
2.1.2-12.57.1
fixed
suse enterprise server 15 SP7
3.10.3-150700.3.6.1
fixed
suse enterprise workstation 15 SP7
3.10.3-150700.3.6.1
fixed
freerdp-proxy
suse enterprise desktop 15 SP7
3.10.3-150700.3.6.1
fixed
suse enterprise sap 15 SP7
3.10.3-150700.3.6.1
fixed
suse enterprise server 15 SP7
3.10.3-150700.3.6.1
fixed
suse enterprise workstation 15 SP7
3.10.3-150700.3.6.1
fixed
freerdp-proxy-plugins
suse enterprise desktop 15 SP7
3.10.3-150700.3.6.1
fixed
suse enterprise sap 15 SP7
3.10.3-150700.3.6.1
fixed
suse enterprise server 15 SP7
3.10.3-150700.3.6.1
fixed
suse enterprise workstation 15 SP7
3.10.3-150700.3.6.1
fixed
freerdp-sdl
suse enterprise desktop 15 SP7
3.10.3-150700.3.6.1
fixed
suse enterprise sap 15 SP7
3.10.3-150700.3.6.1
fixed
suse enterprise server 15 SP7
3.10.3-150700.3.6.1
fixed
suse enterprise workstation 15 SP7
3.10.3-150700.3.6.1
fixed
freerdp-server
suse enterprise desktop 15 SP7
3.10.3-150700.3.6.1
fixed
suse enterprise sap 15 SP7
3.10.3-150700.3.6.1
fixed
suse enterprise server 15 SP7
3.10.3-150700.3.6.1
fixed
suse enterprise workstation 15 SP7
3.10.3-150700.3.6.1
fixed
freerdp2
suse enterprise desktop 15 SP7
2.11.7-150700.3.17.1
fixed
suse enterprise sap 15 SP7
2.11.7-150700.3.17.1
fixed
suse enterprise server 15 SP7
2.11.7-150700.3.17.1
fixed
suse enterprise workstation 15 SP7
2.11.7-150700.3.17.1
fixed
freerdp2-devel
suse enterprise desktop 15 SP7
2.11.7-150700.3.17.1
fixed
suse enterprise sap 15 SP7
2.11.7-150700.3.17.1
fixed
suse enterprise server 15 SP7
2.11.7-150700.3.17.1
fixed
suse enterprise workstation 15 SP7
2.11.7-150700.3.17.1
fixed
freerdp2-proxy
suse enterprise desktop 15 SP7
2.11.7-150700.3.17.1
fixed
suse enterprise sap 15 SP7
2.11.7-150700.3.17.1
fixed
suse enterprise server 15 SP7
2.11.7-150700.3.17.1
fixed
suse enterprise workstation 15 SP7
2.11.7-150700.3.17.1
fixed
freerdp2-server
suse enterprise desktop 15 SP7
2.11.7-150700.3.17.1
fixed
suse enterprise sap 15 SP7
2.11.7-150700.3.17.1
fixed
suse enterprise server 15 SP7
2.11.7-150700.3.17.1
fixed
suse enterprise workstation 15 SP7
2.11.7-150700.3.17.1
fixed
libfreerdp-server-proxy3-3
suse enterprise desktop 15 SP7
3.10.3-150700.3.6.1
fixed
suse enterprise sap 15 SP7
3.10.3-150700.3.6.1
fixed
suse enterprise server 15 SP7
3.10.3-150700.3.6.1
fixed
suse enterprise workstation 15 SP7
3.10.3-150700.3.6.1
fixed
libfreerdp2-2
suse enterprise desktop 15 SP7
2.11.7-150700.3.17.1
fixed
suse enterprise sap 15 SP7
2.11.7-150700.3.17.1
fixed
suse enterprise server 15 SP7
2.11.7-150700.3.17.1
fixed
suse enterprise workstation 15 SP7
2.11.7-150700.3.17.1
fixed
libfreerdp3-3
suse enterprise desktop 15 SP7
3.10.3-150700.3.6.1
fixed
suse enterprise sap 15 SP7
3.10.3-150700.3.6.1
fixed
suse enterprise server 15 SP7
3.10.3-150700.3.6.1
fixed
suse enterprise workstation 15 SP7
3.10.3-150700.3.6.1
fixed
librdtk0-0
suse enterprise desktop 15 SP7
3.10.3-150700.3.6.1
fixed
suse enterprise sap 15 SP7
3.10.3-150700.3.6.1
fixed
suse enterprise server 15 SP7
3.10.3-150700.3.6.1
fixed
suse enterprise workstation 15 SP7
3.10.3-150700.3.6.1
fixed
libwinpr2-2
suse enterprise desktop 15 SP7
2.11.7-150700.3.17.1
fixed
suse enterprise sap 15 SP7
2.11.7-150700.3.17.1
fixed
suse enterprise server 15 SP7
2.11.7-150700.3.17.1
fixed
suse enterprise workstation 15 SP7
2.11.7-150700.3.17.1
fixed
libwinpr3-3
suse enterprise desktop 15 SP7
3.10.3-150700.3.6.1
fixed
suse enterprise sap 15 SP7
3.10.3-150700.3.6.1
fixed
suse enterprise server 15 SP7
3.10.3-150700.3.6.1
fixed
suse enterprise workstation 15 SP7
3.10.3-150700.3.6.1
fixed
winpr-devel
suse enterprise desktop 15 SP7
3.10.3-150700.3.6.1
fixed
suse enterprise sap 15 SP7
3.10.3-150700.3.6.1
fixed
suse enterprise server 15 SP7
3.10.3-150700.3.6.1
fixed
suse enterprise workstation 15 SP7
3.10.3-150700.3.6.1
fixed
winpr2-devel
suse enterprise desktop 15 SP7
2.11.7-150700.3.17.1
fixed
suse enterprise sap 15 SP7
2.11.7-150700.3.17.1
fixed
suse enterprise server 12 SP5
2.1.2-12.57.1
fixed
suse enterprise server 15 SP7
2.11.7-150700.3.17.1
fixed
suse enterprise workstation 15 SP7
2.11.7-150700.3.17.1
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
freerdp
RHEL 8
2:2.11.7-6.el8_10
fixed
RHEL 8.4 AUS
2:2.2.0-12.el8_4
fixed
RHEL 8.6 AUS
2:2.2.0-7.el8_6.5
fixed
RHEL 8.6 E4S
2:2.2.0-7.el8_6.5
fixed
RHEL 8.6 TUS
2:2.2.0-7.el8_6.5
fixed
RHEL 8.8 E4S
2:2.2.0-12.el8_8.5
fixed
RHEL 8.8 TUS
2:2.2.0-12.el8_8.5
fixed
RHEL 9
2:2.11.7-1.el9_7.5
fixed
freerdp-devel
RHEL 8
2:2.11.7-6.el8_10
fixed
RHEL 9
2:2.11.7-1.el9_7.5
fixed
freerdp-libs
RHEL 8
2:2.11.7-6.el8_10
fixed
RHEL 8.4 AUS
2:2.2.0-12.el8_4
fixed
RHEL 8.6 AUS
2:2.2.0-7.el8_6.5
fixed
RHEL 8.6 E4S
2:2.2.0-7.el8_6.5
fixed
RHEL 8.6 TUS
2:2.2.0-7.el8_6.5
fixed
RHEL 8.8 E4S
2:2.2.0-12.el8_8.5
fixed
RHEL 8.8 TUS
2:2.2.0-12.el8_8.5
fixed
RHEL 9
2:2.11.7-1.el9_7.5
fixed
libwinpr
RHEL 8
2:2.11.7-6.el8_10
fixed
RHEL 8.4 AUS
2:2.2.0-12.el8_4
fixed
RHEL 8.6 AUS
2:2.2.0-7.el8_6.5
fixed
RHEL 8.6 E4S
2:2.2.0-7.el8_6.5
fixed
RHEL 8.6 TUS
2:2.2.0-7.el8_6.5
fixed
RHEL 8.8 E4S
2:2.2.0-12.el8_8.5
fixed
RHEL 8.8 TUS
2:2.2.0-12.el8_8.5
fixed
RHEL 9
2:2.11.7-1.el9_7.5
fixed
libwinpr-devel
RHEL 8
2:2.11.7-6.el8_10
fixed
RHEL 8.4 AUS
2:2.2.0-12.el8_4
fixed
RHEL 8.6 AUS
2:2.2.0-7.el8_6.5
fixed
RHEL 8.6 E4S
2:2.2.0-7.el8_6.5
fixed
RHEL 8.6 TUS
2:2.2.0-7.el8_6.5
fixed
RHEL 8.8 E4S
2:2.2.0-12.el8_8.5
fixed
RHEL 8.8 TUS
2:2.2.0-12.el8_8.5
fixed
RHEL 9
2:2.11.7-1.el9_7.5
fixed
Common Weakness Enumeration
References
https://github.com/FreeRDP/FreeRDP/commit/622bb7b4402491ca003f47472d0e478132673696
https://github.com/FreeRDP/FreeRDP/commit/afa6851dc80835d3101e40fcef51b6c5c0f43ea5
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-vcgv-xgjp-h83q