PT-2026-33507 · Xrdp · Xrdp

Exploitintel · Published 2026-04-17 · Updated 2026-05-19 · CVE-2026-33689

CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions

xrdp versions prior to 0.10.6

Description

An out-of-bounds read exists in the pre-authentication RDP message parsing logic. A remote, unauthenticated attacker can trigger this flaw by sending a specially crafted sequence of packets during the initial connection phase. The issue stems from insufficient validation of input buffer lengths before processing dynamic channel communication. This can result in a denial-of-service condition via a process crash or the potential disclosure of sensitive information from the service memory space.

Recommendations

Update to version 0.10.6.
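
A triage check for the affected range above, as an added example that is not part of the original advisory or of the xrdp project: it classifies a version string against the fixed release 0.10.6. The function names and the sample strings are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify an xrdp version string against the fixed release
# named in the advisory (0.10.6). Function names are illustrative.
FIXED_VERSION="0.10.6"

# Strip a leading label ("xrdp "), a package epoch ("1:") and any distro
# revision suffix ("-1ubuntu1", "+dfsg", "~rc1"), leaving dotted digits only.
normalize_version() {
    printf '%s\n' "$1" \
        | sed -e 's/^[^0-9]*//' -e 's/^[0-9][0-9]*://' -e 's/[^0-9.].*$//'
}

# Return 0 when $1 is strictly older than $2, comparing numeric fields.
version_lt() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        fa="${a%%.*}"; fb="${b%%.*}"
        # Advance past the field just read (empty once no dot remains).
        case "$a" in *.*) a="${a#*.}" ;; *) a="" ;; esac
        case "$b" in *.*) b="${b#*.}" ;; *) b="" ;; esac
        fa="${fa:-0}"; fb="${fb:-0}"   # a missing field counts as 0
        if [ "$fa" -lt "$fb" ]; then return 0; fi
        if [ "$fa" -gt "$fb" ]; then return 1; fi
    done
    return 1
}

# Return 0 (affected) when the version predates the fix, 1 when it does
# not, and 2 when no version number could be parsed from the input.
xrdp_is_vulnerable() {
    v="$(normalize_version "$1")"
    case "$v" in
        [0-9]*) ;;
        *) return 2 ;;
    esac
    version_lt "$v" "$FIXED_VERSION"
}

# Constructed sample strings (not taken from any real host).
for sample in "xrdp 0.9.23.1" "1:0.10.1-2" "0.10.6" "0.10.10-1"; do
    if xrdp_is_vulnerable "$sample"; then
        echo "$sample: older than $FIXED_VERSION, update"
    else
        echo "$sample: not older than $FIXED_VERSION"
    fi
done
```

Distribution packages can carry a backported fix under an older upstream version number, so an "older" result for a packaged build should be confirmed against the vendor's own advisory.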

Fix

Out of bounds Read

Weakness Enumeration

Related Identifiers

BDU:2026-06991
CVE-2026-33689
OPENSUSE-SU-2026:10816-1

Affected Products

Xrdp