PT-2026-22021 · Freerdp+2

Ori-Ron · Published 2026-02-23 · Updated 2026-03-18 · CVE-2026-27950

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

FreeRDP versions prior to 3.23.0

Description

FreeRDP is a free implementation of the Remote Desktop Protocol. A previous fix for a heap-use-after-free issue was incomplete. The vulnerable code exists in the SDL2 implementation, where a pointer is not nulled after being freed, potentially leading to a security issue. The fix was initially applied only to the SDL3 code path.

Recommendations

Update to version 3.23.0 or later.

Exploit

Fix

Use After Free

Weakness Enumeration

Related Identifiers

BDU:2026-04156
CVE-2026-27950
GHSA-RVFG-86CR-5R6P
SUSE-SU-2026:1633-1
USN-8105-1

Affected Products

Freerdp
Linuxmint
Ubuntu