Cyber Resilience

CVE-2026-24680

High

Published: 09 February 2026

Published
09 February 2026
Modified
10 February 2026
KEV Added
Patch
CVSS Score v4 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0042 33.8th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-24680 is a high-severity Use After Free (CWE-416) vulnerability in Freerdp Freerdp. Its CVSS base score is 8.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 33.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-11 (Error Handling).

Deeper analysis

CVE-2026-24680 is a use-after-free vulnerability (CWE-416) in FreeRDP, a free implementation of the Remote Desktop Protocol. In versions prior to 3.22.0, the sdl_Pointer_New function frees data upon failure, after which pointer_free calls sdl_Pointer_Free and frees it again, triggering an AddressSanitizer (ASan)-detected use-after-free condition.

An unauthenticated remote attacker can exploit this vulnerability over the network with low attack complexity and no user interaction. Exploitation results in high availability impact with no effects on confidentiality or integrity, as reflected in the CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), potentially causing denial of service via application crash.

The issue is fixed in FreeRDP version 3.22.0. Mitigation involves upgrading to this version or later. Details are provided in the FreeRDP GitHub security advisory at GHSA-j893-9wg8-33rc and the patching commit at c42ecbd183b001e76bfc3614cddfad0034acc758.

EU & UK References

Vulnerability details

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, sdl_Pointer_New frees data on failure, then pointer_free calls sdl_Pointer_Free and frees it again, triggering ASan UAF. This vulnerability is fixed in 3.22.0.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Use-after-free in FreeRDP directly enables remote exploitation leading to application crash and denial of service (T1499.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-27950Same product: Freerdp Freerdp
CVE-2026-24675Same product: Freerdp Freerdp
CVE-2026-25954Same product: Freerdp Freerdp
CVE-2026-24491Same product: Freerdp Freerdp
CVE-2026-26986Same product: Freerdp Freerdp
CVE-2026-24684Same product: Freerdp Freerdp
CVE-2026-24676Same product: Freerdp Freerdp
CVE-2026-24683Same product: Freerdp Freerdp
CVE-2026-24681Same product: Freerdp Freerdp
CVE-2026-24678Same product: Freerdp Freerdp

Affected Assets

freerdp
freerdp
≤ 3.22.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires timely remediation of identified flaws, such as patching the use-after-free vulnerability in FreeRDP prior to version 3.22.0 to prevent exploitation.

prevent

Provides memory protection mechanisms like ASLR and non-executable memory that mitigate exploitation of use-after-free errors by complicating reliable code execution after corruption.

prevent

Ensures secure error handling to prevent unsafe operations like double-free in failure paths, as seen in sdl_Pointer_New during error conditions.

References