CVE-2026-24678

CVSS v4.0

8.7

High

Vector

AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions FreeRDP versions prior to 3.22.0

Description A flaw exists in FreeRDP related to handling device channel closures. Specifically, a capture thread may send responses using a callback function after the associated channel has been closed, resulting in a use-after-free condition within the ecam channel write function.

Recommendations Update to version 3.22.0 or later.

Exploit

Fix

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALSA-2026:3068

BDU:2026-06517

CVE-2026-24678

GHSA-6GVG-29WX-6V7H

MGASA-2026-0046

OPENSUSE-SU-2026:10132-1

OPENSUSE-SU-2026:20339-1

RHSA-2026:3068

RHSA-2026:4121

SUSE-SU-2026:0763-1

USN-8042-1

Affected Products

Freerdp

Linuxmint

Ubuntu

CVE-2026-24678

Weakness Enumeration

Related Identifiers

Affected Products

References · 142