vulnerability
Ubuntu: USN-8105-1 (CVE-2026-22853): FreeRDP vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 10 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | Jan 14, 2026 | Mar 19, 2026 | Mar 27, 2026 |
Severity
10
CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published
Jan 14, 2026
Added
Mar 19, 2026
Modified
Mar 27, 2026
Description
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, RDPEAR’s NDR array reader does not perform bounds checking on the on‑wire element count and can write past the heap buffer allocated from hints, causing a heap buffer overflow in ndr_read_uint8Array. This vulnerability is fixed in 3.20.1.
Solution
ubuntu-upgrade-libfreerdp3-3
References
- CVE-2026-22853
- https://attackerkb.com/topics/CVE-2026-22853
- CWE-787
- EUVD-EUVD-2026-2674
- UBUNTU-USN-8105-1
- https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-2674
- https://github.com/FreeRDP/FreeRDP/releases/tag/3.20.1
- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-47v9-p4gp-w5ch
- https://ubuntu.com/security/notices/USN-8105-1
- https://www.cve.org/CVERecord?id=CVE-2026-22853
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.