PT-2026-34838 · Freerdp · Freerdp

Medoedus · Published 2026-04-24 · Updated 2026-05-21 · CVE-2026-40254

CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: FreeRDP versions prior to 3.25.0
Description: An off-by-one error exists in the path traversal filter within channels/drive/client/drive_file.c. The contains_dotdot() function fails to detect .. when it is the final component of a path without a trailing separator, although it correctly identifies ../ and .. mid-path. A malicious RDP server can exploit this to read, list, or write files one directory above the client's shared folder via RDPDR requests, provided the client connects with drive redirection enabled.
Recommendations: Update to version 3.25.0.
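To make the off-by-one concrete, the following is an added illustration written for this page; it is not FreeRDP's code and not the real contains_dotdot() from drive_file.c. A hypothetical checker reproduces the behaviour the description gives (a ".." followed by a separator is caught, a trailing ".." is not) beside a component-wise checker that also inspects the final component. The function names, the separator handling (both "/" and "\" are treated as separators, since RDPDR paths use backslashes) and the sample paths are all assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: treat both path separator styles the same way. */
static bool is_sep(char c)
{
    return c == '/' || c == '\\';
}

/*
 * Hypothetical flawed checker (not FreeRDP's code). It only reports ".."
 * when a separator FOLLOWS the two dots, and the loop bound i + 2 < len
 * never looks at the last two bytes, so "share\.." and ".." slip through
 * while "share\..\x" and "..\x" are caught, matching the described bug.
 */
bool contains_dotdot_flawed(const char *path)
{
    size_t len = strlen(path);
    for (size_t i = 0; i + 2 < len; i++) {
        bool at_component_start = (i == 0) || is_sep(path[i - 1]);
        if (at_component_start && path[i] == '.' && path[i + 1] == '.' && is_sep(path[i + 2]))
            return true;
    }
    return false;
}

/*
 * Hypothetical fixed checker: walk the path component by component and
 * flag any component that is exactly "..", including the final one that
 * has no trailing separator. Names such as "..cache" are not traversal
 * and are left alone.
 */
bool contains_dotdot_fixed(const char *path)
{
    const char *comp = path;
    for (;;) {
        const char *end = comp;
        while (*end != '\0' && !is_sep(*end))
            end++;
        if ((end - comp) == 2 && comp[0] == '.' && comp[1] == '.')
            return true;
        if (*end == '\0')
            return false;           /* last component inspected, nothing found */
        comp = end + 1;             /* skip the separator, continue */
    }
}

/* Constructed sample paths: the kind a redirected-drive request might carry. */
int main(void)
{
    const char *samples[] = {
        "share\\docs\\report.txt",   /* benign */
        "share\\..\\secret.txt",     /* mid-path traversal: both catch it */
        "share\\..",                 /* trailing traversal: only the fixed one catches it */
        "..",                        /* bare traversal: only the fixed one catches it */
        "share\\..cache",            /* legitimate name starting with dots */
    };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%-26s flawed=%d fixed=%d\n", samples[i],
               contains_dotdot_flawed(samples[i]), contains_dotdot_fixed(samples[i]));
    return 0;
}
```

The defensive point is the loop bound: a filter that decides per byte and requires a separator after ".." has no way to see a ".." that ends the string, whereas a component-wise walk compares every component, the last one included, against the exact string "..". Clients that cannot update immediately reduce exposure by not connecting to untrusted servers with drive redirection enabled, as the description notes.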


Weakness Enumeration

Related Identifiers

CVE-2026-40254
OPENSUSE-SU-2026:10832-1

Affected Products

Freerdp