PT-2026-33501 · Xrdp · Xrdp

Exploitintel · Published 2026-04-17 · Updated 2026-04-20 · CVE-2026-33516

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

xrdp versions prior to 0.10.6

Description

An out-of-bounds read occurs during the RDP capability exchange phase when memory is accessed before validating the remaining buffer length. A remote, unauthenticated attacker can trigger this by sending a specially crafted Confirm Active PDU. This may result in a denial of service via process crash or the disclosure of sensitive information from the process memory.

Recommendations

Update to version 0.10.6.
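
The bug class named in the Description, shown from the defensive side as an added example (not xrdp's code and not the upstream fix): a capability-set walker that validates the remaining length before every read. It assumes a simplified layout of u16 count, u16 padding, then per set a u16 type and a u16 length that includes the 4-byte header; the function names and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Read a little-endian u16 only if 2 bytes remain; advance the cursor. */
static int rd_u16(const uint8_t *buf, size_t len, size_t *off, uint16_t *out)
{
    if (*off > len || len - *off < 2)
        return -1;                      /* length check BEFORE the access */
    *out = (uint16_t)(buf[*off] | (buf[*off + 1] << 8));
    *off += 2;
    return 0;
}

/*
 * Walk a capability-set list (assumed layout, see lead-in).
 * Returns the number of sets walked, or -1 if the buffer is truncated
 * or a declared length is inconsistent with the bytes that remain.
 */
int walk_capability_sets(const uint8_t *buf, size_t len)
{
    size_t off = 0;
    uint16_t count, pad, type, cap_len;

    if (rd_u16(buf, len, &off, &count) || rd_u16(buf, len, &off, &pad))
        return -1;
    for (uint16_t i = 0; i < count; i++) {
        if (rd_u16(buf, len, &off, &type) || rd_u16(buf, len, &off, &cap_len))
            return -1;                  /* header would run past the end */
        if (cap_len < 4 || (size_t)(cap_len - 4) > len - off)
            return -1;                  /* body would run past the end */
        off += (size_t)cap_len - 4;     /* skip the body, never read it here */
    }
    return (int)count;
}

int main(void)
{
    /* Constructed sample data, not captured traffic. */
    const uint8_t ok[]  = { 1,0, 0,0,  1,0, 8,0, 0xAA,0xBB,0xCC,0xDD };
    /* Claims two sets, but the second header is cut off after its type. */
    const uint8_t cut[] = { 2,0, 0,0,  1,0, 8,0, 0xAA,0xBB,0xCC,0xDD, 3,0 };
    printf("ok=%d truncated=%d\n", walk_capability_sets(ok, sizeof ok),
           walk_capability_sets(cut, sizeof cut));
    return 0;
}
```

A parser that reads the type and length fields first and checks the remaining length afterwards would touch memory past the end of the second buffer; here the same input is rejected with -1.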

Fix

Out of bounds Read

Weakness Enumeration

Related Identifiers

BDU:2026-06990
CVE-2026-33516

Affected Products

Xrdp