CVE-2026-24679
📋 TL;DR
This vulnerability in FreeRDP allows remote attackers to cause an out-of-bounds read by providing malicious interface numbers to the URBDRC client. This could lead to information disclosure or potentially remote code execution. Users of FreeRDP versions before 3.22.0 are affected when using USB redirection features.
💻 Affected Systems
- FreeRDP
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution leading to complete system compromise of the FreeRDP client system
Likely Case
Information disclosure through memory leaks or application crash causing denial of service
If Mitigated
Limited impact if USB redirection is disabled or proper network segmentation is in place
🎯 Exploit Status
Requires the attacker to control the RDP server that the client connects to, or to hold a man-in-the-middle position on the connection
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 3.22.0
Vendor Advisory: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-2jp4-67x6-gv7x
Restart Required: Yes
Instructions:
1. Update FreeRDP to version 3.22.0 or later.
2. For Linux: use the package manager (apt/yum) to update.
3. For Windows: download the latest installer from freerdp.com.
4. Restart any running FreeRDP sessions.
🔧 Temporary Workarounds
Disable USB Redirection (all platforms)
Disable the vulnerable URBDRC client feature
xfreerdp /usb:id,dev:disable
wfreerdp /usb:id,dev:disable
Network Segmentation (all platforms)
Restrict FreeRDP connections to trusted servers only
🧯 If You Can't Patch
- Disable USB redirection in all FreeRDP client configurations
- Implement strict network controls to only allow FreeRDP connections to trusted, patched servers
🔍 How to Verify
Check if Vulnerable:
Check the FreeRDP version: xfreerdp --version or wfreerdp --version. If the version is below 3.22.0 and USB redirection is enabled, the system is vulnerable.
Check Version:
xfreerdp --version 2>&1 | head -1
Verify Fix Applied:
Verify the version is 3.22.0 or higher (exit status 0 means the fix is present; the version number is extracted from the output so surrounding text does not matter): xfreerdp --version 2>&1 | grep -oE '[0-9]+\.[0-9]+\.[0-9]+' | head -1 | awk -F. 'BEGIN { bad = 1 } { bad = !($1 > 3 || ($1 == 3 && $2 >= 22)) } END { exit bad }'
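A version check that compares the numbers rather than pattern-matching them is less fragile. The following POSIX shell functions are an added example (not part of this advisory or of the FreeRDP project): they pull the dotted version out of whatever text `xfreerdp --version` prints, compare it against the 3.22.0 fix version, and combine the result with whether USB redirection is in use. The `usb_enabled` argument ("yes"/"no") is an assumed input the caller derives from its own client launch configuration.

```shell
#!/bin/sh
# Added example: classify a FreeRDP client against the 3.22.0 fix version.

# Extract the first dotted version number (e.g. 3.21.0) from arbitrary text,
# such as the full output of "xfreerdp --version 2>&1".
freerdp_version_from_output() {
    printf '%s\n' "$1" | grep -oE '[0-9]+\.[0-9]+\.[0-9]+' | head -n 1
}

# Return 0 if the version found in "$1" is 3.22.0 or later, 1 if it is older,
# and 2 if no version number could be parsed at all.
freerdp_is_fixed() {
    ver=$(freerdp_version_from_output "$1")
    [ -n "$ver" ] || return 2
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    if [ "$major" -gt 3 ]; then
        return 0
    fi
    if [ "$major" -eq 3 ] && [ "$minor" -ge 22 ]; then
        return 0
    fi
    return 1
}

# Print one of: patched, vulnerable, unfixed-but-mitigated, unknown.
# $1 = raw version output, $2 = "yes" if the client is launched with USB
# redirection (/usb) enabled, "no" otherwise (assumed caller-supplied flag).
freerdp_status() {
    freerdp_is_fixed "$1"
    rc=$?
    if [ "$rc" -eq 0 ]; then
        echo "patched"
    elif [ "$rc" -eq 2 ]; then
        echo "unknown"
    elif [ "$2" = "yes" ]; then
        echo "vulnerable"
    else
        echo "unfixed-but-mitigated"
    fi
}

# Constructed sample input; on a real host use: out=$(xfreerdp --version 2>&1)
freerdp_status "This is FreeRDP version 3.21.0 (n/a)" yes
```

Hosts reported as "unfixed-but-mitigated" still need the update; the workaround only removes the exposed code path until then.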
📡 Detection & Monitoring
Log Indicators:
- FreeRDP crash logs mentioning libusb_udev_select_interface
- Unexpected memory access errors in system logs
Network Indicators:
- RDP connections to untrusted servers with USB redirection enabled
- Unusual RDP traffic patterns
SIEM Query:
process:freerdp AND (event:crash OR error:memory OR error:out_of_bounds)