CVE-2026-44420

FreeRDP cliprdr server heap-buffer-overflow via undersized capabilitySetLength in CB_CLIP_CAPS

CVSS 8.8 HIGHEPSS 3.7%CWE-122

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP client can trigger a heap-buffer-overflow write in FreeRDP's server-side clipboard (cliprdr) channel by sending a CB_CLIP_CAPS PDU with a too-small capabilitySetLength. This can crash the server process (remote DoS) and may be exploitable for code execution because it corrupts heap memory. This vulnerability is fixed in 3.26.0.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

FreeRDP · FreeRDP

public PoCs found — 1

cve_referencegithub.com/yhirose/cpp-httplib/security/advisories/GHSA-h6wq-j5mv-f3q8unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mvpx-xj7r-3p3r https://github.com/yhirose/cpp-httplib/security/advisories/GHSA-h6wq-j5mv-f3q8