CVE-2026-23534 – A heap buffer overflow vulnerability in FreeRDP... (How to Fix)

Q: What is the severity of CVE-2026-23534?

CVE-2026-23534 has a CVSS score of 9.8 (CRITICAL). A heap buffer overflow vulnerability in FreeRDP's ClearCodec decode path allows malicious RDP servers to trigger client-side memory corruption. This affects FreeRDP clients connecting to untrusted servers, potentially leading to denial of service or remote code execution. All FreeRDP versions before 3.21.0 are vulnerable.

📋 TL;DR

A heap buffer overflow vulnerability in FreeRDP's ClearCodec decode path allows malicious RDP servers to trigger client-side memory corruption. This affects FreeRDP clients connecting to untrusted servers, potentially leading to denial of service or remote code execution. All FreeRDP versions before 3.21.0 are vulnerable.

💻 Affected Systems

Products:

FreeRDP

Versions: All versions prior to 3.21.0

Operating Systems: Linux, Windows, macOS, BSD

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects FreeRDP clients when connecting to RDP servers. Server implementations are not affected.

📦 What is this software?

Freerdp by Freerdp

View all CVEs affecting Freerdp →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution on client systems when connecting to malicious RDP servers, leading to full system compromise.

🟠

Likely Case

Client crashes (denial of service) with potential heap corruption that could be leveraged for code execution in specific conditions.

🟢

If Mitigated

Limited to denial of service if exploit attempts are blocked or fail due to heap layout protections.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Exploitation requires client to connect to malicious server. Heap layout dependencies may affect reliability.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.21.0

Vendor Advisory: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-3frr-mp8w-4599

Restart Required: Yes

Instructions:

1. Download FreeRDP 3.21.0 or later from official sources. 2. Uninstall previous version. 3. Install new version. 4. Restart affected systems.

🔧 Temporary Workarounds

Restrict RDP Connections

all

Limit FreeRDP client connections to trusted RDP servers only.

Network Segmentation

all

Isolate FreeRDP clients from untrusted networks using firewalls.

🧯 If You Can't Patch

Implement strict network controls to prevent FreeRDP clients from connecting to untrusted RDP servers.
Monitor for crash events in FreeRDP processes and investigate connections to unknown RDP endpoints.

🔍 How to Verify

Check if Vulnerable:

Check FreeRDP version: xfreerdp --version or freerdp --version

Check Version:

xfreerdp --version 2>/dev/null || freerdp --version 2>/dev/null

Verify Fix Applied:

Verify version is 3.21.0 or higher: xfreerdp --version | grep -E '3\.2[1-9]|3\.[3-9]|4\.'

📡 Detection & Monitoring

Log Indicators:

FreeRDP process crashes
Segmentation fault errors in system logs
Abnormal termination of RDP sessions

Network Indicators:

RDP connections to unknown/untrusted servers
Multiple failed RDP connection attempts

SIEM Query:

process.name:"xfreerdp" OR process.name:"freerdp" AND (event.type:"crash" OR exit_code:139)

📊 Metadata

CVE ID: CVE-2026-23534

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-122

EPSS Score: 0.1% exploit probability (27.9th percentile)

Published: January 19, 2026

Last Updated: January 28, 2026

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2026-23534, you might also want to check these: