Cyber Resilience

CVE-2026-24678

HighUpdated

Published: 09 February 2026

Published
09 February 2026
Modified
30 June 2026
KEV Added
Patch
CVSS Score v4 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0047 37.0th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-24678 is a high-severity Use After Free (CWE-416) vulnerability in Freerdp Freerdp. Its CVSS base score is 8.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 37.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and RA-5 (Vulnerability Monitoring and Scanning).

Deeper analysis

CVE-2026-24678 is a use-after-free vulnerability (CWE-416) affecting FreeRDP, a free implementation of the Remote Desktop Protocol, in versions prior to 3.22.0. The issue occurs when a capture thread sends sample responses using a freed channel callback after a device channel close, leading to a use-after-free condition in the ecam_channel_write function. Published on 2026-02-09, it has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

A remote, unauthenticated attacker with network access can exploit this vulnerability with low attack complexity and no user interaction required. Successful exploitation results in denial of service through high availability impact, such as application crashes, with no impact on confidentiality or integrity.

The vulnerability is addressed in FreeRDP version 3.22.0. Mitigation details are available in the FreeRDP security advisory at https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-6gvg-29wx-6v7h and the fixing commit at https://github.com/FreeRDP/FreeRDP/commit/f3ab1a16139036179d9852745fdade18fec11600.

EU & UK References

Vulnerability details

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, A capture thread sends sample responses using a freed channel callback after a device channel close, leading to a use after free in ecam_channel_write. This vulnerability is…

more

fixed in 3.22.0.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Remote unauthenticated network exploitation of FreeRDP use-after-free causes application DoS (T1190 for public-facing RDP exposure; T1499.004 for direct application exploitation leading to crash).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-24681Same product: Freerdp Freerdp
CVE-2026-27950Same product: Freerdp Freerdp
CVE-2026-22857Same product: Freerdp Freerdp
CVE-2026-24680Same product: Freerdp Freerdp
CVE-2026-24675Same product: Freerdp Freerdp
CVE-2026-25954Same product: Freerdp Freerdp
CVE-2026-24491Same product: Freerdp Freerdp
CVE-2026-26986Same product: Freerdp Freerdp
CVE-2026-24684Same product: Freerdp Freerdp
CVE-2026-24676Same product: Freerdp Freerdp

Affected Assets

freerdp
freerdp
≤ 3.22.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Remediating the use-after-free flaw by updating FreeRDP to version 3.22.0 or later directly prevents exploitation of CVE-2026-24678.

prevent

Memory protection safeguards such as address space layout randomization and stack canaries mitigate exploitation of the use-after-free in the ecam_channel_write function.

detect

Vulnerability scanning identifies systems running vulnerable FreeRDP versions prior to 3.22.0 affected by this use-after-free.

References