CVE-2026-57158
EUVD-2026-4300510.07.2026, 20:16
FreeRDP is a free implementation of the Remote Desktop Protocol. From 3.21.0 before 3.28.0, FreeRDP clients using the GFX pipeline contain an incomplete fix for CVE-2026-23530 in planar_decompress_plane_rle_only in libfreerdp/codec/planar.c, allowing a malicious RDP server to send a truncated RDPGFX_CMDID_WIRETOSURFACE_1 planar payload that reads one byte past the input buffer. This issue is fixed in version 3.28.0.Enginsight
Awaiting analysis
This vulnerability is currently awaiting analysis.
Debian Releases
Common Weakness Enumeration