Cyber Resilience

CVE-2026-23533

HighPublic PoCUpdated

Published: 19 January 2026

Published
19 January 2026
Modified
30 June 2026
KEV Added
Patch
CVSS Score v4 7.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0059 43.8th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-23533 is a high-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Freerdp Freerdp. Its CVSS base score is 7.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked at the 43.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2026-23533 is a client-side heap buffer overflow vulnerability in FreeRDP, a free implementation of the Remote Desktop Protocol, affecting versions prior to 3.21.0. The issue resides in the RDPGFX ClearCodec decode path, where maliciously crafted residual data triggers out-of-bounds writes during color output processing. Classified under CWE-122 (Heap-based Buffer Overflow), it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its potential for high-impact exploitation.

A malicious RDP server can exploit this vulnerability against any client using a vulnerable FreeRDP version that connects to it. No special privileges or user interaction beyond initiating the connection are required. Successful exploitation causes a client-side heap buffer overflow, reliably leading to a denial-of-service crash, with potential for heap corruption and arbitrary code execution depending on the memory allocator's behavior and surrounding heap layout.

The FreeRDP project addressed this in version 3.21.0, which includes a patch for the ClearCodec decode path. Security practitioners should upgrade to FreeRDP 3.21.0 or later. Detailed information is available in the project's security advisory (GHSA-32q9-m5qr-9j2v) and release notes, with code changes visible in the clear.c source file around lines 268-281 and 336.

EU & UK References

Vulnerability details

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurs in the RDPGFX ClearCodec decode path when maliciously crafted residual data causes out-of-bounds writes during color output. A malicious server…

more

can trigger a client‑side heap buffer overflow, causing a crash (DoS) and potential heap corruption with code‑execution risk depending on allocator behavior and surrounding heap layout. Version 3.21.0 contains a patch for the issue.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1203 Exploitation for Client Execution Execution
Adversaries may exploit software vulnerabilities in client applications to execute code.
Why these techniques?

The vulnerability is a client-side heap buffer overflow in FreeRDP (RDP client) exploitable by a malicious RDP server upon connection, enabling arbitrary code execution which directly maps to Exploitation for Client Execution (T1203).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-23530Same product: Freerdp Freerdp
CVE-2026-23532Same product: Freerdp Freerdp
CVE-2026-23531Same product: Freerdp Freerdp
CVE-2026-44421Same product: Freerdp Freerdp
CVE-2026-22854Same product: Freerdp Freerdp
CVE-2026-31806Same product: Freerdp Freerdp
CVE-2026-40033Same product: Freerdp Freerdp
CVE-2026-23534Same product: Freerdp Freerdp
CVE-2026-31883Same product: Freerdp Freerdp
CVE-2026-33986Same product: Freerdp Freerdp

Affected Assets

freerdp
freerdp
≤ 3.21.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires timely patching of the heap buffer overflow in FreeRDP's RDPGFX ClearCodec decode path by upgrading to version 3.21.0 or later.

prevent

Mandates validation of RDPGFX ClearCodec residual data inputs to prevent out-of-bounds writes from malicious server data.

prevent

Implements memory protections like ASLR and DEP to mitigate heap corruption and potential code execution from the buffer overflow.

References