Security Advisory

CVE-2026-22854

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-01-14 17:47:49

Last updated 2026-02-26 15:04:09

Assigner GitHub_M

State PUBLISHED

Description

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap-buffer-overflow occurs in drive read when a server-controlled read length is used to read file data into an IRP output stream buffer without a hard upper bound, allowing an oversized read to overwrite heap memory. This vulnerability is fixed in 3.20.1.

← Browse all CVEs View on cve.org ↗