FreeRDP Vulnerabilities - Remote Code Execution
Summary
CERT-Bund has issued an advisory for multiple vulnerabilities in FreeRDP, a Remote Desktop Protocol implementation. The vulnerabilities have a CVSS base score of 8.8 and allow for remote code execution, denial-of-service, and information disclosure.
What changed
This advisory details multiple high-severity vulnerabilities (CVSS base score 8.8) in FreeRDP versions prior to 3.24.0, affecting Linux, UNIX, and Windows systems. Exploitation by a remote, anonymous attacker can lead to arbitrary code execution, denial-of-service, memory corruption, data manipulation, or disclosure of confidential information.
Organizations utilizing FreeRDP should immediately update to a patched version or implement available mitigations. Failure to address these vulnerabilities could expose systems to significant security risks, including complete compromise. The advisory highlights the need for prompt patching to prevent exploitation.
What to do next
- Update FreeRDP to version 3.24.0 or later
- Implement available security mitigations if immediate update is not possible
Source document (simplified)
[WID-SEC-2026-0725] FreeRDP: Multiple vulnerabilities
- CVSS Base Score: 8.8 (high)
- CVSS Temporal Score: 7.9 (high)
- Remote attack: yes
- Date: 12.03.2026
- Last updated: 13.03.2026
- Mitigation: yes
Affected systems
Operating system
- Linux
- Other
- UNIX
- Windows
Product description
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP).
Products
12.03.2026
- Open Source FreeRDP <3.24.0
Attack
A remote, anonymous attacker can exploit multiple vulnerabilities in FreeRDP to potentially execute arbitrary code, cause a denial-of-service condition, corrupt memory, manipulate data, or disclose confidential information.