CVE-2026-23532

9.8 CRITICAL

📋 TL;DR

A heap buffer overflow vulnerability in the FreeRDP client allows a malicious RDP server to trigger client-side memory corruption. This can cause a denial of service (crash) and potentially remote code execution, depending on heap conditions. All FreeRDP clients connecting to untrusted servers are affected.

💻 Affected Systems

Products:
  • FreeRDP
Versions: All versions prior to 3.21.0
Operating Systems: Linux, Windows, macOS, BSD - any OS running FreeRDP
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects FreeRDP clients, not servers. Vulnerability is triggered when connecting to malicious RDP servers.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution on client system with attacker gaining full control of the FreeRDP client process and potentially the underlying system.

🟠 Likely Case

Client application crash (denial of service) with potential heap corruption that could lead to information disclosure or further exploitation.

🟢 If Mitigated

No impact if patched version is used or if clients only connect to trusted, non-malicious RDP servers.

🌐 Internet-Facing: HIGH - FreeRDP clients connecting to internet-facing RDP servers are directly exposed to exploitation.
🏢 Internal Only: MEDIUM - Internal RDP servers could be compromised or malicious, but attack surface is more limited than internet-facing.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires the client to connect to a malicious server. Heap layout dependencies may affect the reliability of code execution.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.21.0

Vendor Advisory: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-fq8c-87hj-7gvr

Restart Required: Yes

Instructions:

1. Download FreeRDP 3.21.0 or newer from the official repository.
2. Uninstall the old version.
3. Install the new version.
4. Restart any running FreeRDP processes or the system.

🔧 Temporary Workarounds

Restrict RDP connections (all platforms)

Configure FreeRDP to only connect to trusted, known RDP servers using allowlists or network segmentation.

Use alternative RDP client (all platforms)

Temporarily use Microsoft Remote Desktop Client or another RDP client until FreeRDP can be patched.

🧯 If You Can't Patch

  • Implement network segmentation to isolate FreeRDP clients from untrusted networks
  • Deploy application control to prevent execution of potentially malicious payloads from FreeRDP process

🔍 How to Verify

Check if Vulnerable:

Check the FreeRDP version with 'xfreerdp --version' or the equivalent command for your platform.

Check Version:

xfreerdp --version | grep -oP 'version \K[0-9.]+'

Verify Fix Applied:

Verify that the installed version is 3.21.0 or higher using the version check command.
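As an added example (not part of this advisory): a POSIX sh check that parses the output of `xfreerdp --version` and compares it numerically, component by component, against the fixed release 3.21.0. It avoids the GNU-only `grep -P` and the text-comparison pitfall where "3.9.9" sorts after "3.21.0". The output format "This is FreeRDP version X.Y.Z ..." and the sample lines are assumptions, not captures from the page.

```sh
# Added example (not from the advisory): is the installed FreeRDP client at or
# above the fixed release? The `xfreerdp --version` line format is an assumption.
FIXED_VERSION="3.21.0"

# Pull the first dotted version number after the word "version"; print nothing if absent.
extract_version() {
    printf '%s\n' "$1" | sed -n 's/.*version \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Return 0 when dotted version $1 >= $2, comparing each component numerically
# (so 3.9.9 < 3.21.0). Missing trailing components count as 0.
version_ge() {
    a="$1."; b="$2."
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; a=${a#*.}
        y=${b%%.*}; b=${b#*.}
        x=${x:-0}; y=${y:-0}
        if [ "$x" -gt "$y" ]; then return 0; fi
        if [ "$x" -lt "$y" ]; then return 1; fi
    done
    return 0
}

# 0 = patched, 1 = vulnerable (below 3.21.0), 2 = no version string found.
freerdp_is_patched() {
    v=$(extract_version "$1")
    if [ -z "$v" ]; then return 2; fi
    version_ge "$v" "$FIXED_VERSION"
}

# Print a verdict for one line of `xfreerdp --version` output.
report() {
    if freerdp_is_patched "$1"; then
        echo "OK: FreeRDP $(extract_version "$1") is at or above $FIXED_VERSION"
    elif [ $? -eq 1 ]; then
        echo "VULNERABLE: FreeRDP $(extract_version "$1") is below $FIXED_VERSION; upgrade"
    else
        echo "UNKNOWN: no version string in: $1"
    fi
}

# Constructed sample outputs (not real captures) so the script also runs offline.
SAMPLE_OLD="This is FreeRDP version 3.20.1 (n/a)"
SAMPLE_NEW="This is FreeRDP version 3.21.0 (n/a)"
report "$SAMPLE_OLD"
report "$SAMPLE_NEW"
if command -v xfreerdp >/dev/null 2>&1; then
    report "$(xfreerdp --version 2>&1 | head -n 1)"
fi
```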

📡 Detection & Monitoring

Log Indicators:

  • FreeRDP client crashes with segmentation faults or heap corruption errors
  • Unexpected termination of FreeRDP processes

Network Indicators:

  • RDP connections to unknown or suspicious servers
  • Abnormal RDP traffic patterns from FreeRDP clients

SIEM Query:

(process_name:"freerdp" OR process_name:"xfreerdp") AND (event_type:crash OR exit_code:139 OR exit_code:-1073740940)

The process-name terms must be grouped in parentheses: without them, AND binds tighter than OR in most query languages and the query would match every "freerdp" process event. Exit code 139 is 128 + SIGSEGV on Unix-like systems; -1073740940 is the signed form of 0xC0000374 (STATUS_HEAP_CORRUPTION) on Windows.

🔗 References
