CVE-2026-44420

EUVD-2026-33435
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP client can trigger a heap-buffer-overflow write in FreeRDP's server-side clipboard (cliprdr) channel by sending a CB_CLIP_CAPS PDU with a too-small capabilitySetLength. This can crash the server process (remote DoS) and may be exploitable for code execution because it corrupts heap memory. This vulnerability is fixed in 3.26.0.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 87%
Affected Products (NVD)
VendorProductVersion
freerdpfreerdp
𝑥
< 3.26.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
freerdp2
bookworm
no-dsa
bullseye
vulnerable
bullseye (security)
vulnerable
freerdp3
forky
3.27.0+dfsg-1
fixed
sid
3.28.0+dfsg-1
fixed
trixie
no-dsa
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
freerdp
Amazon Linux 2
2:2.11.7-1.amzn2.0.12
fixed
Amazon Linux 2023
2:3.6.3-1.amzn2023.0.12
fixed
freerdp-debuginfo
Amazon Linux 2
2:2.11.7-1.amzn2.0.12
fixed
Amazon Linux 2023
2:3.6.3-1.amzn2023.0.12
fixed
freerdp-debugsource
Amazon Linux 2023
2:3.6.3-1.amzn2023.0.12
fixed
freerdp-devel
Amazon Linux 2
2:2.11.7-1.amzn2.0.12
fixed
Amazon Linux 2023
2:3.6.3-1.amzn2023.0.12
fixed
freerdp-libs
Amazon Linux 2
2:2.11.7-1.amzn2.0.12
fixed
Amazon Linux 2023
2:3.6.3-1.amzn2023.0.12
fixed
freerdp-libs-debuginfo
Amazon Linux 2023
2:3.6.3-1.amzn2023.0.12
fixed
freerdp-server
Amazon Linux 2023
2:3.6.3-1.amzn2023.0.12
fixed
freerdp-server-debuginfo
Amazon Linux 2023
2:3.6.3-1.amzn2023.0.12
fixed
libwinpr
Amazon Linux 2
2:2.11.7-1.amzn2.0.12
fixed
Amazon Linux 2023
2:3.6.3-1.amzn2023.0.12
fixed
libwinpr-debuginfo
Amazon Linux 2023
2:3.6.3-1.amzn2023.0.12
fixed
libwinpr-devel
Amazon Linux 2
2:2.11.7-1.amzn2.0.12
fixed
Amazon Linux 2023
2:3.6.3-1.amzn2023.0.12
fixed