PT-2026-33498 · Xrdp · Xrdp

Exploitintel · Published 2026-04-17 · Updated 2026-05-19 · CVE-2026-32623

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

xrdp versions prior to 0.10.6

Description

A heap-based buffer overflow exists in the NeutrinoRDP module. When proxying RDP sessions to another server, the module does not properly validate the size of reassembled fragmented virtual channel data against its allocated memory buffer. A malicious downstream RDP server or an attacker performing a Man-in-the-Middle attack could exploit this to cause memory corruption, potentially resulting in a Denial of Service (DoS) or Remote Code Execution (RCE). This issue only affects environments where the NeutrinoRDP module has been explicitly compiled and enabled.

Recommendations

Update to version 0.10.6. As a temporary workaround, disable the NeutrinoRDP module if it was explicitly enabled.
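
The kind of size validation the Description refers to, as an added example (not xrdp's or NeutrinoRDP's code): a C reassembler for fragmented virtual channel data that bounds every copy by the space left in the allocated buffer. The struct, the function names and the 16 MiB cap are hypothetical; the flag values are the CHANNEL_FLAG_FIRST/CHANNEL_FLAG_LAST bits from MS-RDPBCGR.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Chunk flags as defined in MS-RDPBCGR (channel PDU header). */
#define CHANNEL_FLAG_FIRST 0x01u
#define CHANNEL_FLAG_LAST  0x02u
#define MAX_TOTAL (16u * 1024u * 1024u) /* assumed policy cap, not from the page */
enum { REASM_ERR = -1, REASM_MORE = 0, REASM_DONE = 1 };

struct chan_reasm {   /* hypothetical per-channel reassembly state */
    uint8_t *buf;
    size_t cap, used; /* bytes allocated / bytes copied so far */
};

static void reasm_reset(struct chan_reasm *r)
{
    free(r->buf);
    r->buf = NULL;
    r->cap = r->used = 0;
}

/* Feed one chunk; total_len is the peer-declared size of the whole message. */
int reasm_feed(struct chan_reasm *r, uint32_t flags, uint32_t total_len,
               const uint8_t *chunk, size_t chunk_len)
{
    if (flags & CHANNEL_FLAG_FIRST) {
        reasm_reset(r);
        if (total_len == 0 || total_len > MAX_TOTAL)
            return REASM_ERR;
        r->buf = malloc(total_len);
        if (r->buf == NULL)
            return REASM_ERR;
        r->cap = total_len;
    } else if (r->buf == NULL) {
        return REASM_ERR;            /* continuation with no first chunk */
    }
    /* Bound every copy by the space left in the allocation, not by peer input. */
    if (chunk_len > r->cap - r->used) {
        reasm_reset(r);
        return REASM_ERR;
    }
    memcpy(r->buf + r->used, chunk, chunk_len);
    r->used += chunk_len;
    if (!(flags & CHANNEL_FLAG_LAST))
        return REASM_MORE;
    if (r->used != r->cap) { reasm_reset(r); return REASM_ERR; } /* short message */
    return REASM_DONE;
}
```

The comparison is written as `chunk_len > cap - used` rather than `used + chunk_len > cap` so that a large peer-supplied length cannot wrap the addition.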

Fix

Heap Based Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2026-06987
CVE-2026-32623
OPENSUSE-SU-2026:10816-1

Affected Products

Xrdp