
FreeRDP Vulnerabilities Allow Remote Code Execution, DoS

Source: CERT-Bund Security Advisories (wid.cert-bund.de)
Published March 25th, 2026
Detected March 26th, 2026

Summary

CERT-Bund has issued a security advisory regarding multiple vulnerabilities in FreeRDP, a Remote Desktop Protocol implementation. The vulnerabilities could allow remote attackers to execute arbitrary code, cause denial-of-service, or disclose sensitive information. The advisory affects Fedora Linux and Open Source FreeRDP versions prior to 3.24.2.

What changed

CERT-Bund has released security advisory WID-SEC-2026-0880 detailing multiple vulnerabilities in FreeRDP, an open-source implementation of the Remote Desktop Protocol. These vulnerabilities, with a CVSS Base Score of 7.5 (High) and Temporal Score of 6.5 (Medium), can be exploited by remote, anonymous attackers. Successful exploitation could lead to arbitrary code execution, denial-of-service, data manipulation, disclosure of confidential information, or other unspecified attacks.

This advisory impacts Fedora Linux and Open Source FreeRDP versions prior to 3.24.2, affecting systems running on UNIX and Windows operating systems. Organizations utilizing FreeRDP should prioritize updating to a patched version or implementing available mitigations to protect against potential exploitation. The advisory highlights the need for prompt vulnerability management for remote access software.

What to do next

  1. Update FreeRDP to version 3.24.2 or later
  2. Implement available mitigations if an immediate update is not possible
  3. Review system logs for signs of exploitation

Source document (simplified)

[WID-SEC-2026-0880] FreeRDP: Multiple vulnerabilities

  • CVSS Base Score: 7.5 (high)
  • CVSS Temporal Score: 6.5 (medium)
  • Remote attack: yes
  • Date: 25.03.2026
  • Last updated: 26.03.2026
  • Mitigation: yes

Affected systems

Operating system

  • Other
  • UNIX
  • Windows

Product description

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP).

Products

25.03.2026

  • Fedora Linux
  • Open Source FreeRDP <3.24.2

Attack

A remote, anonymous attacker can exploit multiple vulnerabilities in FreeRDP to potentially execute arbitrary code, cause a denial-of-service condition, manipulate data, disclose confidential information, or carry out other, unspecified attacks.

Source

Analysis generated by AI. Source diff and links are from the original.

Classification

Agency
CERT-Bund
Published
March 25th, 2026
Instrument
Notice
Legal weight
Non-binding
Stage
Final
Change scope
Substantive
Document ID
WID-SEC-2026-0880

Who this affects

Applies to
Technology companies
Industry sector
5112 Software & Technology
Activity scope
Remote Access Security
Geographic scope
Germany DE

Taxonomy

Primary area
Cybersecurity
Operational domain
IT Security
Compliance frameworks
NIST CSF
Topics
Vulnerability Management Remote Access Security
