CVE-2026-44420

HIGH

FreeRDP cliprdr server heap-buffer-overflow via undersized capabilitySetLength in CB_CLIP_CAPS

Title source: cna

Description

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP client can trigger a heap-buffer-overflow write in FreeRDP's server-side clipboard (cliprdr) channel by sending a CB_CLIP_CAPS PDU with a too-small capabilitySetLength. This can crash the server process (remote DoS) and may be exploitable for code execution because it corrupts heap memory. This vulnerability is fixed in 3.26.0.

References (2)

Core 2

Core References

Vendor Advisory

https://github.com/yhirose/cpp-httplib/security/advisories/GHSA-h6wq-j5mv-f3q8

X_Refsource_Confirm x_refsource_confirm

https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mvpx-xj7r-3p3r

Scores

CVSS v3 8.8

EPSS 0.0051

EPSS Percentile 39.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-122

Status published

Products (2)

freerdp/freerdp < 3.26.0

FreeRDP/FreeRDP < 3.26.0

Published May 29, 2026

Tracked Since May 30, 2026