PT-2026-7033 · Freerdp+3 · Freerdp+3

Ehdgks0627

·

Published

2026-01-01

·

Updated

2026-04-16

·

CVE-2026-24491

CVSS v4.0

8.7

High

VectorAV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions FreeRDP versions prior to 3.22.0
Description FreeRDP, a Remote Desktop Protocol implementation, contains a flaw where the video timer component may send client notifications after the control channel has been closed. This action can lead to a use-after-free condition due to dereferencing a freed callback.
Recommendations Update to version 3.22.0 or later.

Exploit

Fix

DoS

Use After Free

Weakness Enumeration

CWE-416

Related Identifiers

ALSA-2026:6340
ALSA-2026:6799
ALSA-2026:6918
BDU:2026-06519
CVE-2026-24491
GHSA-4X6J-W49R-869G
MGASA-2026-0046
MGASA-2026-0086
OESA-2026-1516
OESA-2026-1517
OESA-2026-1518
OESA-2026-1519
OESA-2026-1520
OESA-2026-1521
OPENSUSE-SU-2026:10132-1
OPENSUSE-SU-2026:10243-1
OPENSUSE-SU-2026:20320-1
OPENSUSE-SU-2026:20339-1
OPENSUSE-SU-2026:20632-1
RHSA-2026:10076
RHSA-2026:10734
RHSA-2026:10735
RHSA-2026:10951
RHSA-2026:11323
RHSA-2026:6340
RHSA-2026:6727
RHSA-2026:6743
RHSA-2026:6799
RHSA-2026:6918
RHSA-2026:6958
RHSA-2026:9640
RHSA-2026:9641
SUSE-SU-2026:0621-1
SUSE-SU-2026:0649-1
SUSE-SU-2026:0683-1
SUSE-SU-2026:0762-1
SUSE-SU-2026:0763-1
SUSE-SU-2026:0902-1
SUSE-SU-2026:0933-1
SUSE-SU-2026:0968-1
SUSE-SU-2026:0969-1
SUSE-SU-2026:1398-1
USN-8042-1

Affected Products

Freerdp
Linuxmint
Rocky Linux
Ubuntu