Medium severity4.2NVD Advisory· Published Apr 24, 2026· Updated Apr 27, 2026
CVE-2026-40254
CVE-2026-40254
Description
FreeRDP is a free implementation of the Remote Desktop Protocol. Versions prior to 3.25.0 have an off-by-one in the path traversal filter in channels/drive/client/drive_file.c. The contains_dotdot() function catches ../ and ..\ mid-path but misses .. when it's the last component with no trailing separator. A rogue RDP server can read, list, or write files one directory above the client's shared folder through RDPDR requests. This requires the victim to connect with drive redirection enabled. Version 3.25.0 patches the issue.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
5- osv-coords3 versionspkg:rpm/opensuse/freerdp&distro=openSUSE%20Tumbleweedpkg:rpm/suse/freerdp&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/freerdp&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0
< 3.26.0-1.1+ 2 more
- (no CPE)range: < 3.26.0-1.1
- (no CPE)range: < 3.26.0-160000.1.1
- (no CPE)range: < 3.26.0-160000.1.1
Patches
Vulnerability mechanics
References
1- github.com/FreeRDP/FreeRDP/security/advisories/GHSA-3xpj-m4hx-8vmxnvdExploitMitigationVendor Advisory
News mentions
0No linked articles in our index yet.