PT-2026-29141 · Krb5+3

Prahal · Published 2026-01-01 · Updated 2026-04-28 · CVE-2026-33995

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions

FreeRDP versions prior to 3.24.2

Description

FreeRDP is a free implementation of the Remote Desktop Protocol. A double-free issue exists in the `kerberos_AcceptSecurityContext()` and `kerberos_InitializeSecurityContextA()` functions (WinPR, `winpr/libwinpr/sspi/Kerberos/kerberos.c`). This can lead to a crash in FreeRDP clients on systems configured with Kerberos and/or Kerberos U2U, such as Samba AD members or systems using krb5 for NFS. The crash occurs during Network Level Authentication (NLA) connection teardown and requires a failed authentication attempt.

Recommendations

Upgrade to FreeRDP version 3.24.2 or later.

Exploit

Fix

Double Free

Weakness Enumeration

Related Identifiers

BDU:2026-04674
CVE-2026-33995
GHSA-MV25-F4P2-5MXX
OPENSUSE-SU-2026:10633-1
OPENSUSE-SU-2026:20657-1
SUSE-SU-2026:21436-1

Affected Products

Freerdp
Samba
Winpr
Krb5