High severity8.8NVD Advisory· Published Apr 17, 2026· Updated Apr 27, 2026
CVE-2026-32107
CVE-2026-32107
Description
xrdp is an open source RDP server. In versions through 0.10.5, the session execution component did not properly handle an error during the privilege drop process. This improper privilege management could allow an authenticated local attacker to escalate privileges to root and execute arbitrary code on the system. An additional exploit would be needed to facilitate this. This issue has been fixed in version 0.10.6.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3Patches
Vulnerability mechanics
References
2- github.com/neutrinolabs/xrdp/releases/tag/v0.10.6nvdPatchRelease Notes
- github.com/neutrinolabs/xrdp/security/advisories/GHSA-p5m6-7m43-pjv9nvdVendor Advisory
News mentions
0No linked articles in our index yet.