VDB
CVE-2026-22853
CVE-2026-22853
PUBLISHED
CVSS 6.8 MEDIUM
Reported by GitHub_M · Published January 14, 2026
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, RDPEAR’s NDR array reader does not perform bounds checking on the on‑wire element count and can write past the heap buffer allocated from hints, causing a heap buffer overflow in ndr_read_uint8Array. This vulnerability is fixed in 3.20.1.
Risk Scores
CVSS v4.0
6.8
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| FreeRDP | FreeRDP | < 3.20.1 |
| FreeRDP | FreeRDP | < 3.20.1, < 3.20.1 |
| alpine | freerdp | 0, 0, 0 |
Timeline
- Jan 12, 2026 CVE ID Reserved
- Jan 14, 2026 CVE Published
- Jan 15, 2026 EPSS Score
- Jan 18, 2026 EPSS Score
- Jan 21, 2026 EPSS Score
- Jan 24, 2026 EPSS Score
- Jan 27, 2026 EPSS Score
- Jan 29, 2026 EPSS Score
- Feb 1, 2026 EPSS Score
- Feb 4, 2026 EPSS Score
- Feb 7, 2026 EPSS Score
- Feb 10, 2026 EPSS Score
References
- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-47v9-p4gp-w5ch x_refsource_CONFIRM
- https://github.com/FreeRDP/FreeRDP/releases/tag/3.20.1 x_refsource_MISC