PT-2026-33488 · Xrdp · Xrdp
Exploitintel · Published 2026-04-17 · Updated 2026-05-19 · CVE-2026-32107
CVSS v3.1: 8.8 High
Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
xrdp versions prior to 0.10.6
Description
The session execution component of xrdp, an open source RDP server, fails to properly handle errors during the privilege drop process. This improper privilege management allows an authenticated local attacker to escalate privileges to root and execute arbitrary code on the system, although an additional exploit is required to achieve this.
Recommendations
Update to version 0.10.6.
Fix
Weakness Enumeration
Related Identifiers
Affected Products
Xrdp