High severity8.8NVD Advisory· Published May 29, 2026· Updated Jun 2, 2026
CVE-2026-44420
CVE-2026-44420
Description
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP client can trigger a heap-buffer-overflow write in FreeRDP's server-side clipboard (cliprdr) channel by sending a CB_CLIP_CAPS PDU with a too-small capabilitySetLength. This can crash the server process (remote DoS) and may be exploitable for code execution because it corrupts heap memory. This vulnerability is fixed in 3.26.0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
5- osv-coords3 versionspkg:rpm/opensuse/freerdp&distro=openSUSE%20Tumbleweedpkg:rpm/suse/freerdp&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/freerdp&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0
< 3.26.0-3.1+ 2 more
- (no CPE)range: < 3.26.0-3.1
- (no CPE)range: < 3.26.0-160000.1.1
- (no CPE)range: < 3.26.0-160000.1.1
Patches
Vulnerability mechanics
References
2- github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mvpx-xj7r-3p3rnvdExploitMitigationVendor Advisory
- github.com/yhirose/cpp-httplib/security/advisories/GHSA-h6wq-j5mv-f3q8nvd
News mentions
0No linked articles in our index yet.