Unrated severityNVD Advisory· Published Feb 25, 2026· Updated Feb 26, 2026
FreeRDP: Smartcard NDR Alignment Padding Triggers Reachable WINPR_ASSERT Abort (Client DoS)
CVE-2026-27015
Description
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, a missing bounds check in smartcard_unpack_read_size_align() (libfreerdp/utils/smartcard_pack.c:1703) allows a malicious RDP server to crash the FreeRDP client via a reachable WINPR_ASSERT → abort(). The crash occurs in upstream builds where WITH_VERBOSE_WINPR_ASSERT=ON (default in FreeRDP 3.22.0 / current WinPR CMake defaults). Smartcard redirection must be explicitly enabled by the user (e.g., xfreerdp /smartcard; /smartcard-logon implies /smartcard). Version 3.23.0 fixes the issue.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- github.com/FreeRDP/FreeRDP/commit/65d59d3b3c2f630f2ea862687ecf5f95f8115244mitrex_refsource_MISC
- github.com/FreeRDP/FreeRDP/security/advisories/GHSA-7g72-39pq-4725mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.