PT-2026-44981 · Freerdp · Freerdp

Kevin-Valerio · Published 2026-05-12 · Updated 2026-06-03 · CVE-2026-44420

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

FreeRDP versions prior to 3.26.0

Description

A heap-buffer-overflow write exists in the server-side clipboard (cliprdr) channel of FreeRDP. The issue occurs within the `cliprdr_server_receive_pdu()` function when processing a `CB_CLIP_CAPS` PDU containing an undersized `capabilitySetLength` parameter. A remote attacker can exploit this to corrupt heap memory, potentially leading to arbitrary code execution or a remote denial of service (DoS) by crashing the server process. There have been reports of elevated activity targeting this issue.

Recommendations

Update to version 3.26.0.

Exploit · Fix · DoS · Heap Based Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2026-07646
CVE-2026-44420
OPENSUSE-SU-2026:10948-1

Affected Products

Freerdp