PT-2026-2938 · Freerdp+3 · Freerdp+3

Ehdgks0627 · Published 2025-01-14 · Updated 2026-03-18

CVE-2026-22858 · CVSS v3.1: 9.1 (Critical) · Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Name of the Vulnerable Software and Affected Versions: FreeRDP versions prior to 3.20.1
Description: FreeRDP, a free implementation of the Remote Desktop Protocol, contains a flaw in its Base64 decoding. Because the signedness of plain char is implementation-defined, and char is unsigned on Arm/AArch64 builds, a global-buffer-overflow can occur there: non-ASCII bytes (high bit set) bypass the decoder's range restriction and are used directly as an index into a global lookup table, leading to an out-of-bounds access. The root cause is that the guard condition (c <= 0), which rejects negative values when char is signed, is optimized into the simple check (c != 0) when char is unsigned, so high bytes are no longer excluded.
Recommendations: Update to version 3.20.1 or later.
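The following C program is an added illustration of the char-signedness pitfall the description refers to; it is not FreeRDP's code, and the reverse lookup table, the decoder and the hardened check are constructed for this example (the bounds check shown is this example's own, not necessarily the exact change shipped in 3.20.1). It evaluates the same guard under both char ABIs by spelling the type out explicitly, so the result does not depend on the build target, and then shows a table lookup that bounds its index rather than relying on the sign of char.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed 128-entry reverse table: ASCII byte -> 6-bit value, or -1 when
 * the byte is not a Base64 symbol. Indices 128..255 do not exist, which is
 * exactly what a high byte would reach if it were used as an index. */
static signed char g_rev[128];
static int g_rev_ready = 0;

static void build_rev_table(void)
{
    static const char alphabet[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    memset(g_rev, -1, sizeof g_rev);
    for (int i = 0; i < 64; i++)
        g_rev[(unsigned char)alphabet[i]] = (signed char)i;
    g_rev_ready = 1;
}

/* The guard pattern from the advisory, evaluated under each char ABI.
 * The ABI is modelled with an explicit type so the demonstration is the
 * same whether this file is built for x86 or for Arm/AArch64. */
int guard_rejects_as_signed(unsigned char byte)
{
    signed char c = (signed char)byte;   /* char is signed (x86 default)   */
    return c <= 0;                       /* 0x80..0xFF are negative: rejected */
}

int guard_rejects_as_unsigned(unsigned char byte)
{
    unsigned char c = byte;              /* char is unsigned (Arm/AArch64) */
    return c <= 0;                       /* only NUL is rejected: 0x80..0xFF pass */
}

/* Hardened symbol lookup: bound the index explicitly against the table size
 * instead of relying on the sign of char. */
int symbol_value(unsigned char c)
{
    if (!g_rev_ready)
        build_rev_table();
    if (c == 0 || (size_t)c >= sizeof g_rev)   /* NUL or non-ASCII: never index */
        return -1;
    return g_rev[c];
}

/* Minimal Base64 decoder built on the hardened lookup. Returns the number of
 * bytes written, or -1 on any invalid byte or when the output buffer is full. */
long b64_decode(const char *in, size_t in_len, uint8_t *out, size_t out_cap)
{
    uint32_t acc = 0;
    int bits = 0;
    size_t n = 0;
    for (size_t i = 0; i < in_len; i++) {
        unsigned char c = (unsigned char)in[i];
        if (c == '=')
            break;                        /* padding: end of data */
        int v = symbol_value(c);
        if (v < 0)
            return -1;                    /* non-symbol, NUL or non-ASCII byte */
        acc = (acc << 6) | (uint32_t)v;
        bits += 6;
        if (bits >= 8) {
            bits -= 8;
            if (n >= out_cap)
                return -1;                /* output buffer too small */
            out[n++] = (uint8_t)((acc >> bits) & 0xFFu);
            acc &= (1u << bits) - 1u;     /* keep only the leftover bits */
        }
    }
    return (long)n;
}

/* Helpers so results can be checked as return values. */
int decode_equals(const char *in, size_t in_len, const char *expected)
{
    uint8_t buf[64];
    long n = b64_decode(in, in_len, buf, sizeof buf);
    if (n < 0)
        return 0;
    return (size_t)n == strlen(expected) && memcmp(buf, expected, (size_t)n) == 0;
}

int decode_rejects(const char *in, size_t in_len)
{
    uint8_t buf[64];
    return b64_decode(in, in_len, buf, sizeof buf) == -1;
}
```

On a signed-char target `guard_rejects_as_signed(0xC3)` is true and the byte never reaches the table; on an unsigned-char target the same source, `guard_rejects_as_unsigned(0xC3)`, is false, and a decoder that then indexes a 128-entry table with 0xC3 reads past it. The `symbol_value` check removes the dependency on the ABI entirely, which is the property a reviewer should look for in any table-driven decoder that takes untrusted bytes.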

Weakness Enumeration: Out-of-bounds Read

Related Identifiers

ALSA-2026:3067
ALSA-2026:3068
ALSA-2026:3334
BDU:2026-00620
CVE-2026-22858
GHSA-QMQF-M84Q-X896
OPENSUSE-SU-2026:10059-1
OPENSUSE-SU-2026:20339-1
RHSA-2026:3067
RHSA-2026:3068
RHSA-2026:3334
RHSA-2026:3975
RHSA-2026:4121
RHSA-2026:4433
RHSA-2026:4437
RHSA-2026:4438
RHSA-2026:4439
RHSA-2026:4440
RHSA-2026:4446
RHSA-2026:4471
RHSA-2026:4489
SUSE-SU-2026:0345-1
USN-8105-1

Affected Products

Freerdp
Linuxmint
Rocky Linux
Ubuntu