CVE-2026-27951

5.3 MEDIUM

📋 TL;DR

FreeRDP versions before 3.23.0 contain a flaw in the Stream_EnsureCapacity function that can send the process into an endless blocking loop, resulting in denial of service. It affects FreeRDP clients and servers alike, but only 32-bit builds running on hosts with enough physical memory to trigger the condition; 64-bit builds are not affected. The issue was fixed in version 3.23.0.

💻 Affected Systems

Products:
  • FreeRDP
Versions: All versions prior to 3.23.0
Operating Systems: All operating systems running FreeRDP
Default Config Vulnerable: ⚠️ Yes
Notes: Only exploitable on 32-bit systems where available physical memory >= SIZE_MAX (4GB). 64-bit systems are not affected.

📦 What is this software?

FreeRDP is a free, open-source implementation of the Remote Desktop Protocol (RDP), released under the Apache License. It ships client programs (xfreerdp, wlfreerdp, sdl-freerdp) together with the libfreerdp and winpr libraries, which third-party RDP clients and servers also embed, so an affected build may be present without a FreeRDP binary by that name.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete denial of service on affected FreeRDP instances, making the RDP client or service unavailable until the process is restarted.

🟠 Likely Case

Service disruption or instability on vulnerable 32-bit hosts when the required memory condition is met.

🟢 If Mitigated

Minimal impact once patched, or on 64-bit builds and on 32-bit hosts with less than 4 GB of physical memory.

🌐 Internet-Facing: MEDIUM - FreeRDP servers exposed to internet could be targeted for DoS attacks.
🏢 Internal Only: LOW - Internal FreeRDP clients/servers have limited attack surface and require specific conditions.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: HIGH

Exploitation requires a 32-bit FreeRDP build on a host with at least SIZE_MAX (4 GB) of available physical memory, plus the ability to drive that instance's stream handling. No public exploit code is known.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.23.0

Vendor Advisory: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-qcfc-ghxr-h927

Restart Required: Yes

Instructions:

1. Download FreeRDP version 3.23.0 or later from official sources.
2. Stop all FreeRDP services.
3. Install the updated version.
4. Restart FreeRDP services.

🧯 If You Can't Patch

  • Migrate to 64-bit systems where the vulnerability does not apply.
  • Limit FreeRDP usage to trusted networks only.

🔍 How to Verify

Check if Vulnerable:

Check the FreeRDP version with 'xfreerdp --version' or the equivalent command for your platform. If the version is below 3.23.0 and the build is 32-bit on a host with at least 4 GB of physical memory, it is vulnerable.

Check Version:

xfreerdp --version

Verify Fix Applied:

Confirm that 'xfreerdp --version' reports 3.23.0 or later. An unpatched install is out of scope only if the binary is 64-bit or the host has less than 4 GB of physical memory; those conditions do not replace patching.
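The three checks above (version below 3.23.0, 32-bit build, at least 4 GB of physical memory) combined into one script. This is an added example, not part of the advisory or the FreeRDP project; it assumes the version banner contains a dotted version such as "3.22.0" (the parse is by regex, so the exact surrounding text does not matter), reads pointer width from getconf LONG_BIT and physical memory from /proc/meminfo or sysctl, and the sample banner it prints first is constructed.

```shell
#!/bin/sh
# Added example for CVE-2026-27951 exposure triage. Not from the FreeRDP project.
FIXED_VERSION="3.23.0"
FOUR_GIB=4294967296

# version_lt A B: exit 0 when dotted version A is numerically below B.
# Trailing dots pad short versions so "3" compares as 3.0.0.
version_lt() {
    i=1
    while [ "$i" -le 3 ]; do
        a=$(printf '%s..' "$1" | cut -d. -f"$i"); a=${a:-0}
        b=$(printf '%s..' "$2" | cut -d. -f"$i"); b=${b:-0}
        [ "$a" -lt "$b" ] && return 0
        [ "$a" -gt "$b" ] && return 1
        i=$((i + 1))
    done
    return 1
}

# Extract the first x.y.z version from a banner line (assumed banner format).
freerdp_version_from_banner() {
    printf '%s\n' "$1" | grep -oE '[0-9]+\.[0-9]+\.[0-9]+' | head -n 1
}

# Physical memory in bytes; falls back to 0 (unknown) on unsupported hosts.
host_mem_bytes() {
    if [ -r /proc/meminfo ]; then
        awk '/^MemTotal:/ { print $2 * 1024 }' /proc/meminfo
    elif command -v sysctl >/dev/null 2>&1; then
        sysctl -n hw.memsize 2>/dev/null || echo 0
    else
        echo 0
    fi
}

# cve_2026_27951_status VERSION BITS MEM_BYTES
# Applies the rule stated on this page: vulnerable only when the version is
# below 3.23.0, the build is 32-bit, and physical memory is >= 4 GiB.
cve_2026_27951_status() {
    ver=$1; bits=$2; mem=$3
    if ! version_lt "$ver" "$FIXED_VERSION"; then echo patched; return 0; fi
    if [ "$bits" -ne 32 ]; then echo not-affected-64bit; return 0; fi
    if [ "$mem" -lt "$FOUR_GIB" ]; then echo not-affected-low-memory; return 0; fi
    echo vulnerable
}

# Constructed sample: a 32-bit 3.22.0 build on an 8 GiB host.
SAMPLE_BANNER='This is FreeRDP version 3.22.0 (n/a)'
echo "sample host: $(cve_2026_27951_status "$(freerdp_version_from_banner "$SAMPLE_BANNER")" 32 8589934592)"

# Live check when xfreerdp is on PATH. LONG_BIT reflects the shell's own
# environment; confirm the binary itself with: file "$(command -v xfreerdp)"
if command -v xfreerdp >/dev/null 2>&1; then
    live_ver=$(freerdp_version_from_banner "$(xfreerdp --version 2>&1 || true)")
    echo "this host: $(cve_2026_27951_status "${live_ver:-0.0.0}" "$(getconf LONG_BIT)" "$(host_mem_bytes)")"
fi
```

The version comparison is numeric per field rather than a string compare, so 3.100.0 is correctly treated as newer than 3.23.0. Because FreeRDP is also consumed as a library, run the same rule against the libfreerdp3/libwinpr3 packages reported by your package manager, not only against xfreerdp.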

📡 Detection & Monitoring

Log Indicators:

  • Unusual FreeRDP process hangs or crashes
  • High memory usage patterns in FreeRDP processes

Network Indicators:

  • RDP connection failures to FreeRDP services
  • Unresponsive FreeRDP endpoints

SIEM Query:

Process:FreeRDP AND ((EventID:1000 OR EventID:1001) OR MemoryUsage:>90%)

🔗 References

  • https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-qcfc-ghxr-h927