PT-2026-2931 · Freerdp+2

Ehdgks0627

Published: 2026-01-01 · Updated: 2026-03-18

CVE-2026-22853

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

FreeRDP versions prior to 3.20.1

Description

FreeRDP, a free implementation of the Remote Desktop Protocol, contains a flaw in RDPEAR’s NDR array reader. The NDR array reader does not validate the element count, potentially leading to a heap buffer overflow when reading data. This occurs due to insufficient bounds checking when processing on-wire elements, allowing writes beyond the allocated heap buffer. The vulnerable component is the ndr_read_uint8Array function.

Recommendations

Update to version 3.20.1 or later.
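
The missing check from the description, sketched as an added example (this is not FreeRDP's code or its actual fix): a counted byte-array reader that bounds the on-wire element count before copying. The wire_stream type, the function names and the layout (a 32-bit little-endian count followed by the bytes) are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical read cursor over received bytes (not a FreeRDP type). */
typedef struct { const uint8_t *data; size_t len; size_t pos; } wire_stream;

/* Read a 32-bit little-endian value; 0 on success, -1 if truncated. */
static int read_u32_le(wire_stream *s, uint32_t *out)
{
    if (s->len - s->pos < 4)
        return -1;
    const uint8_t *p = s->data + s->pos;
    *out = (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
    s->pos += 4;
    return 0;
}

/*
 * Read a counted byte array into dst, which holds dst_cap bytes.
 * Returns the number of bytes copied, or -1 if the message is rejected.
 */
long read_u8_array_checked(wire_stream *s, uint8_t *dst, size_t dst_cap)
{
    uint32_t count;
    size_t start = s->pos;

    if (read_u32_le(s, &count) != 0)
        return -1;
    /* The count comes from the peer: bound it by dst and by the bytes left. */
    if (count > dst_cap || count > s->len - s->pos) {
        s->pos = start;            /* leave the cursor unchanged on rejection */
        return -1;
    }
    memcpy(dst, s->data + s->pos, count);
    s->pos += count;
    return (long)count;
}

int main(void)
{
    /* Constructed sample: claims 8 elements, destination holds only 4. */
    const uint8_t msg[] = { 8, 0, 0, 0, 1, 2, 3, 4, 5, 6, 7, 8 };
    uint8_t dst[4];
    wire_stream s = { msg, sizeof msg, 0 };
    printf("result: %ld\n", read_u8_array_checked(&s, dst, sizeof dst));
    return 0;
}
```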

Exploit

Fix

Memory Corruption

Weakness Enumeration

Related Identifiers

ALSA-2026:3068
BDU:2026-00625
CVE-2026-22853
GHSA-47V9-P4GP-W5CH
OPENSUSE-SU-2026:10059-1
OPENSUSE-SU-2026:20339-1
RHSA-2026:3068
RHSA-2026:4121
SUSE-SU-2026:0345-1
USN-8105-1

Affected Products

Freerdp
Linuxmint
Ubuntu