CVE-2026-33952

Name of the Vulnerable Software and Affected Versions FreeRDP versions prior to 3.24.2

Description FreeRDP is a free implementation of the Remote Desktop Protocol. An unvalidated auth length field read from the network triggers a WINPR ASSERT() failure in the rts read auth verifier no checks() function, causing FreeRDP clients connecting through a malicious RDP Gateway to crash. This is a pre-authentication denial of service affecting clients using RPC-over-HTTP gateway transport. The assertion is active in default release builds.

Recommendations Update to version 3.24.2 or later.