VDB

CVE-2026-32107

CVE-2026-32107 PUBLISHED CVSS 8.8 HIGH

xrdp is an open source RDP server. In versions through 0.10.5, the session execution component did not properly handle an error during the privilege drop process. This improper privilege management could allow an authenticated local attacker to escalate privileges to root and execute arbitrary code on the system. An additional exploit would be needed to facilitate this. This issue has been fixed in version 0.10.6.

EPSS 0.02% · 6.4th percentile

Risk Scores

CVSS v3.1
8.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS Score
0.02%
6.4th percentile

Affected Products

| Vendor | Product | Versions |
| --- | --- | --- |
| neutrinolabs | xrdp | < 0.10.6 |

Timeline

  • Apr 17, 2026 CVE Published
  • Apr 17, 2026 PoC Published
  • Apr 17, 2026 PoC Published
  • Apr 20, 2026 Security Advisory
  • Apr 22, 2026 CVE Updated
  • May 18, 2026 EPSS Score
  • May 19, 2026 EPSS Score
  • May 20, 2026 EPSS Score
  • May 21, 2026 EPSS Score
  • May 22, 2026 EPSS Score
  • May 23, 2026 EPSS Score
  • May 24, 2026 EPSS Score