Cyber Posture

CVE-2026-24682

High

Published: 09 February 2026
Modified: 10 February 2026
KEV Added
Patch
CVSS Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS Score: 0.0002 (5.8th percentile)
Risk Priority: 15 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2026-24682 is a high-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Freerdp Freerdp. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). EPSS ranks it at the 5.8th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique.
Threat & Defense Details

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1499.004 Application or System Exploitation (Impact): Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Direct remote exploitation of a public-facing FreeRDP server via malformed RDP data triggers an application DoS through memory corruption (heap overflow).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, audin_server_recv_formats frees an incorrect number of audio formats on parse failure (i + i), leading to out-of-bounds access in audio_formats_free. This vulnerability is fixed in 3.22.0.

Deeper analysis (AI)

CVE-2026-24682 is a heap-based buffer overflow vulnerability (CWE-122) in FreeRDP, a free implementation of the Remote Desktop Protocol (RDP). The issue affects versions prior to 3.22.0 and occurs in the audin_server_recv_formats function, which frees an incorrect number of audio formats (i + i) upon parse failure. This leads to an out-of-bounds access in the audio_formats_free function. The vulnerability has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating high severity primarily due to availability impact.

Remote attackers with network access can exploit this vulnerability without authentication or user interaction by sending malformed RDP audio format data to a FreeRDP server. Successful exploitation triggers the out-of-bounds memory access, causing a denial-of-service condition such as application crash or server instability, with no reported impact on confidentiality or integrity.

The FreeRDP security advisory (GHSA-vcw2-pqgw-mx6g) and the fixing commit (1c5c74223179d425a1ce6dbbb6a3dd2a958b7aee) confirm that the vulnerability is addressed in version 3.22.0. Security practitioners should upgrade FreeRDP servers to 3.22.0 or later to mitigate the issue.
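The NVD description above characterises the defect as a cleanup-count bug: on a parse failure the code handed its free routine twice as many entries (i + i) as had actually been filled, so the free loop walked past the end of the array. The following is an added illustration of the correct pattern and is not FreeRDP's audin_server_recv_formats or audio_formats_free; the record layout, the type and function names, and the sample byte buffers are all constructed for this example. The parser tracks exactly how many entries it has populated and passes that count, and only that count, to the free routine on every error path.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical audio-format record (assumption, not FreeRDP's AUDIO_FORMAT). */
typedef struct {
    uint16_t tag;
    uint16_t channels;
    uint32_t samples_per_sec;
    uint16_t extra_len;
    uint8_t *extra;           /* per-format heap allocation */
} fmt_t;

/* Instrumentation: how many array entries the free routine has visited. */
static size_t g_freed_entries;

size_t freed_entry_count(void) {
    size_t n = g_freed_entries;
    g_freed_entries = 0;      /* read-and-reset so tests can check each call */
    return n;
}

/* Free `count` entries. Like any free loop that trusts its count argument,
 * this reads formats[0..count) and must never be given more entries than
 * the array holds; that exact mismatch is what the advisory describes. */
void formats_free(fmt_t *formats, size_t count) {
    if (!formats) return;
    for (size_t i = 0; i < count; i++) {
        free(formats[i].extra);
        g_freed_entries++;
    }
    free(formats);
}

static int read_u16(const uint8_t *buf, size_t len, size_t *pos, uint16_t *v) {
    if (len - *pos < 2) return -1;
    *v = (uint16_t)(buf[*pos] | (buf[*pos + 1] << 8));
    *pos += 2;
    return 0;
}

static int read_u32(const uint8_t *buf, size_t len, size_t *pos, uint32_t *v) {
    if (len - *pos < 4) return -1;
    *v = (uint32_t)buf[*pos] | ((uint32_t)buf[*pos + 1] << 8) |
         ((uint32_t)buf[*pos + 2] << 16) | ((uint32_t)buf[*pos + 3] << 24);
    *pos += 4;
    return 0;
}

/* Constructed wire layout: u16 count, then per format
 * u16 tag, u16 channels, u32 rate, u16 extra_len, extra bytes (little-endian). */
int parse_formats(const uint8_t *buf, size_t len, fmt_t **out, size_t *out_count) {
    size_t pos = 0, i = 0;
    uint16_t num = 0;
    *out = NULL;
    *out_count = 0;
    if (read_u16(buf, len, &pos, &num) < 0 || num == 0) return -1;

    fmt_t *formats = calloc(num, sizeof(*formats));   /* extra == NULL for all */
    if (!formats) return -1;

    for (i = 0; i < num; i++) {
        fmt_t *f = &formats[i];
        if (read_u16(buf, len, &pos, &f->tag) < 0 ||
            read_u16(buf, len, &pos, &f->channels) < 0 ||
            read_u32(buf, len, &pos, &f->samples_per_sec) < 0 ||
            read_u16(buf, len, &pos, &f->extra_len) < 0)
            goto fail;
        if (len - pos < f->extra_len) goto fail;          /* truncated payload */
        if (f->extra_len) {
            f->extra = malloc(f->extra_len);
            if (!f->extra) goto fail;
            memcpy(f->extra, buf + pos, f->extra_len);
            pos += f->extra_len;
        }
    }
    *out = formats;
    *out_count = num;
    return 0;

fail:
    /* Exactly i entries were completed; entry i (if partially read) still has
     * extra == NULL from calloc. Passing 2*i here would overrun once i > num/2. */
    formats_free(formats, i);
    return -1;
}

/* Constructed sample: 2 complete formats. */
static const uint8_t kGood[] = {
    0x02, 0x00,
    0x01, 0x00, 0x02, 0x00, 0x44, 0xAC, 0x00, 0x00, 0x02, 0x00, 0xAA, 0xBB,
    0x02, 0x00, 0x01, 0x00, 0x80, 0x3E, 0x00, 0x00, 0x00, 0x00,
};

/* Constructed sample: announces 3 formats, third cut off inside its extra bytes. */
static const uint8_t kTruncated[] = {
    0x03, 0x00,
    0x01, 0x00, 0x02, 0x00, 0x44, 0xAC, 0x00, 0x00, 0x02, 0x00, 0xAA, 0xBB,
    0x02, 0x00, 0x01, 0x00, 0x80, 0x3E, 0x00, 0x00, 0x00, 0x00,
    0x03, 0x00, 0x02, 0x00, 0x44, 0xAC, 0x00, 0x00, 0x04, 0x00, 0x01, 0x02,
};

int main(void) {
    fmt_t *f = NULL;
    size_t n = 0;
    int rc = parse_formats(kTruncated, sizeof kTruncated, &f, &n);
    printf("truncated: rc=%d freed=%zu\n", rc, freed_entry_count());
    rc = parse_formats(kGood, sizeof kGood, &f, &n);
    printf("good: rc=%d count=%zu\n", rc, n);
    formats_free(f, n);
    return 0;
}
```

The point a reviewer checks on every error path is that the count handed to the free routine is the number of entries actually populated, never a derived expression such as i + i, and never the announced count from the wire before all entries exist. A sanitizer build (ASan) run over truncated inputs like the second sample is the cheapest way to catch a mismatch of this kind before release.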

Details

CWE(s)

CWE-122 Heap-based Buffer Overflow

Affected Products

Vendor: freerdp
Product: freerdp
Versions: ≤ 3.22.0

CVEs Like This One

CVE-2026-24679 (same product: Freerdp Freerdp)
CVE-2026-23533 (same product: Freerdp Freerdp)
CVE-2026-24681 (same product: Freerdp Freerdp)
CVE-2026-24678 (same product: Freerdp Freerdp)
CVE-2026-23532 (same product: Freerdp Freerdp)
CVE-2026-23531 (same product: Freerdp Freerdp)
CVE-2026-31806 (same product: Freerdp Freerdp)
CVE-2026-23530 (same product: Freerdp Freerdp)
CVE-2026-22858 (same product: Freerdp Freerdp)
CVE-2026-23534 (same product: Freerdp Freerdp)
