CVE-2026-33983 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	6.5 MEDIUM	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 16%

Affected Products (NVD)

Vendor	Product	Version
freerdp	freerdp	𝑥 < 3.24.2

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

freerdp2

bookworm	no-dsa
bullseye	vulnerable
bullseye (security)	vulnerable

freerdp3

forky	3.24.2+dfsg-1 fixed
sid	3.26.0+dfsg-1 fixed
trixie	no-dsa

Red Hat Enterprise Linux Releases

Red Hat Product

Release

freerdp

RHEL 8	2:2.11.7-7.el8_10 fixed
RHEL 8.2 AUS	2:2.0.0-46.rc4.el8_2.11 fixed
RHEL 8.4 AUS	2:2.2.0-13.el8_4 fixed
RHEL 8.6 AUS	2:2.2.0-7.el8_6.6 fixed
RHEL 8.6 E4S	2:2.2.0-7.el8_6.6 fixed
RHEL 8.6 TUS	2:2.2.0-7.el8_6.6 fixed
RHEL 8.8 E4S	2:2.2.0-12.el8_8.6 fixed
RHEL 8.8 TUS	2:2.2.0-12.el8_8.6 fixed
RHEL 9	2:2.11.7-1.el9_7.6 fixed

freerdp-devel

RHEL 8	2:2.11.7-7.el8_10 fixed
RHEL 9	2:2.11.7-1.el9_7.6 fixed

freerdp-libs

RHEL 8	2:2.11.7-7.el8_10 fixed
RHEL 8.2 AUS	2:2.0.0-46.rc4.el8_2.11 fixed
RHEL 8.4 AUS	2:2.2.0-13.el8_4 fixed
RHEL 8.6 AUS	2:2.2.0-7.el8_6.6 fixed
RHEL 8.6 E4S	2:2.2.0-7.el8_6.6 fixed
RHEL 8.6 TUS	2:2.2.0-7.el8_6.6 fixed
RHEL 8.8 E4S	2:2.2.0-12.el8_8.6 fixed
RHEL 8.8 TUS	2:2.2.0-12.el8_8.6 fixed
RHEL 9	2:2.11.7-1.el9_7.6 fixed

libwinpr

RHEL 8	2:2.11.7-7.el8_10 fixed
RHEL 8.2 AUS	2:2.0.0-46.rc4.el8_2.11 fixed
RHEL 8.4 AUS	2:2.2.0-13.el8_4 fixed
RHEL 8.6 AUS	2:2.2.0-7.el8_6.6 fixed
RHEL 8.6 E4S	2:2.2.0-7.el8_6.6 fixed
RHEL 8.6 TUS	2:2.2.0-7.el8_6.6 fixed
RHEL 8.8 E4S	2:2.2.0-12.el8_8.6 fixed
RHEL 8.8 TUS	2:2.2.0-12.el8_8.6 fixed
RHEL 9	2:2.11.7-1.el9_7.6 fixed

libwinpr-devel

RHEL 8	2:2.11.7-7.el8_10 fixed
RHEL 8.2 AUS	2:2.0.0-46.rc4.el8_2.11 fixed
RHEL 8.4 AUS	2:2.2.0-13.el8_4 fixed
RHEL 8.6 AUS	2:2.2.0-7.el8_6.6 fixed
RHEL 8.6 E4S	2:2.2.0-7.el8_6.6 fixed
RHEL 8.6 TUS	2:2.2.0-7.el8_6.6 fixed
RHEL 8.8 E4S	2:2.2.0-12.el8_8.6 fixed
RHEL 8.8 TUS	2:2.2.0-12.el8_8.6 fixed
RHEL 9	2:2.11.7-1.el9_7.6 fixed

Common Weakness Enumeration

CWE-190 - Integer Overflow or Wraparound
The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.

Vulnerability Media Exposure

[GERMAN] FreeRDP: Mehrere Schwachstellen
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in FreeRDP ausnutzen, um potenziell beliebigen Code auszuführen, einen Denial-of-Service-Zustand herbeizuführen, Daten zu manipulieren, vertrauliche Informationen offenzulegen oder andere, nicht näher spezifizierte Angriffe durchzuführen.
Published: 2026-03-25T23:00:00+00:00

References

https://github.com/FreeRDP/FreeRDP/commit/78188ab479c8e6eb9ba2475b3732c76b4bbe5425

https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4gfm-4p52-h478