Cyber Resilience

CVE-2026-24682

Severity: High
Published: 09 February 2026
Modified: 10 February 2026
KEV added: not listed
Patch: available (fixed in 3.22.0)
CVSS v4.0 score: 8.7 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS score: 0.0047 (36.9th percentile)
Risk priority: 55 (floored blend, peak EPSS)

Summary

CVE-2026-24682 is a high-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Freerdp Freerdp. Its CVSS base score is 8.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 36.9th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2026-24682 is a heap-based buffer overflow vulnerability (CWE-122) in FreeRDP, a free implementation of the Remote Desktop Protocol (RDP). The issue affects versions prior to 3.22.0 and occurs in the audin_server_recv_formats function, which frees an incorrect number of audio formats (i + i) upon parse failure. This leads to an out-of-bounds access in the audio_formats_free function. The vulnerability has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating high severity primarily due to availability impact.

Remote attackers with network access can exploit this vulnerability without authentication or user interaction by sending malformed RDP audio format data to a FreeRDP server. Successful exploitation triggers the out-of-bounds memory access, causing a denial-of-service condition such as application crash or server instability, with no reported impact on confidentiality or integrity.

The FreeRDP security advisory (GHSA-vcw2-pqgw-mx6g) and the fixing commit (1c5c74223179d425a1ce6dbbb6a3dd2a958b7aee) confirm that the vulnerability is addressed in version 3.22.0. Security practitioners should upgrade FreeRDP servers to 3.22.0 or later to mitigate the issue.


Vulnerability details

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, audin_server_recv_formats frees an incorrect number of audio formats on parse failure (i + i), leading to out-of-bounds access in audio_formats_free. This vulnerability is fixed in 3.22.0.
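The defect the advisory describes (in both the deeper analysis and the vulnerability details above) is a cleanup-count error: a parser that has completed i entries when it meets malformed input must release exactly i entries, and a free routine handed a larger count walks past the array. The following C model is an added example, not FreeRDP's code and not taken from the advisory or the fixing commit; the struct layout, the wire format, the function names (parse_audio_formats, audio_formats_free_checked) and the sample messages are all constructed for illustration. Its free routine also carries the allocated capacity, so a miscounted request is refused and reported instead of becoming an out-of-bounds access.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical simplified audio format entry (not FreeRDP's struct). */
typedef struct {
    uint16_t tag;
    uint16_t channels;
    uint16_t extra_len;
    uint8_t *extra;      /* per-entry heap buffer owned by this entry */
} audio_format_t;

/* Release 'count' entries and the array. Every index below 'count' is
 * dereferenced, as in the audio_formats_free the advisory describes, so the
 * caller's count must not exceed what was allocated. The extra 'capacity'
 * argument turns an over-count (such as i + i) into a refused call (-1,
 * nothing freed) instead of a read past the array. Returns 0 when freed. */
int audio_formats_free_checked(audio_format_t *fmts, size_t count, size_t capacity)
{
    if (fmts == NULL)
        return 0;
    if (count > capacity)
        return -1;
    for (size_t k = 0; k < count; k++)
        free(fmts[k].extra);
    free(fmts);
    return 0;
}

/* Bounds-checked little-endian u16 reader. */
static int read_u16(const uint8_t *buf, size_t len, size_t *pos, uint16_t *out)
{
    if (len - *pos < 2)
        return -1;
    *out = (uint16_t)(buf[*pos] | (buf[*pos + 1] << 8));
    *pos += 2;
    return 0;
}

/* Constructed wire layout (not the real RDP audio-input PDU):
 *   u16 count, then per entry: u16 tag, u16 channels, u16 extra_len, extra[]
 * Success: returns 0 with *out and *n set. Failure: returns -1, *out stays
 * NULL, *parsed = entries completed before the bad one, and exactly that
 * many entries are released. */
int parse_audio_formats(const uint8_t *buf, size_t len,
                        audio_format_t **out, size_t *n, size_t *parsed)
{
    size_t pos = 0, i = 0;
    uint16_t count = 0;
    audio_format_t *fmts = NULL;

    *out = NULL;
    *n = *parsed = 0;
    if (read_u16(buf, len, &pos, &count) < 0)
        return -1;
    if (count == 0)
        return 0;
    fmts = calloc(count, sizeof(*fmts));   /* zeroed: free(NULL) is safe */
    if (fmts == NULL)
        return -1;
    for (i = 0; i < count; i++) {
        uint16_t extra_len = 0;
        if (read_u16(buf, len, &pos, &fmts[i].tag) < 0 ||
            read_u16(buf, len, &pos, &fmts[i].channels) < 0 ||
            read_u16(buf, len, &pos, &extra_len) < 0 ||
            len - pos < extra_len)
            goto fail;
        fmts[i].extra = malloc(extra_len ? extra_len : 1);
        if (fmts[i].extra == NULL)
            goto fail;
        memcpy(fmts[i].extra, buf + pos, extra_len);
        fmts[i].extra_len = extra_len;
        pos += extra_len;
    }
    *out = fmts;
    *n = *parsed = count;
    return 0;

fail:
    /* Entries [0, i) are complete and entry i owns nothing yet, so the
     * correct release count is i. The advisory's bug passed i + i here. */
    *parsed = i;
    audio_formats_free_checked(fmts, i, count);
    return -1;
}

/* Constructed sample messages. */
const uint8_t GOOD_MSG[] = {
    0x02, 0x00,                                     /* 2 entries */
    0x01, 0x00, 0x02, 0x00, 0x02, 0x00, 0xAA, 0xBB, /* tag 1, 2 ch, 2 extra bytes */
    0x06, 0x00, 0x01, 0x00, 0x00, 0x00              /* tag 6, 1 ch, no extra */
};
const uint8_t TRUNCATED_MSG[] = {
    0x04, 0x00,                                     /* claims 4 entries */
    0x01, 0x00, 0x02, 0x00, 0x00, 0x00,
    0x02, 0x00, 0x02, 0x00, 0x00, 0x00,
    0x03, 0x00, 0x01, 0x00, 0x00, 0x00,
    0x04, 0x00, 0x02, 0x00, 0x10, 0x00, 0xDE, 0xAD  /* says 16 extra bytes, has 2 */
};
```

Parsing GOOD_MSG yields two entries; parsing TRUNCATED_MSG fails at the fourth entry with three completed, and the cleanup releases those three. Asking the checked free for 3 + 3 entries of a 4-entry array is refused, which is the point of keeping the allocated capacity next to the data: the count a caller computes after a partial parse is exactly the value that is easy to get wrong, and the release path should not trust it blindly.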

CWE(s)

CWE-122 Heap-based Buffer Overflow

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1499.004 Application or System Exploitation (Impact): Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Direct remote exploitation of public-facing FreeRDP server via malformed RDP data triggers application DoS through memory corruption (heap overflow).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-24679 (same product: Freerdp Freerdp)
CVE-2026-44420 (same product: Freerdp Freerdp)
CVE-2026-24681 (same product: Freerdp Freerdp)
CVE-2026-23530 (same product: Freerdp Freerdp)
CVE-2026-24678 (same product: Freerdp Freerdp)
CVE-2026-23532 (same product: Freerdp Freerdp)
CVE-2026-23531 (same product: Freerdp Freerdp)
CVE-2026-44421 (same product: Freerdp Freerdp)
CVE-2026-22858 (same product: Freerdp Freerdp)
CVE-2026-23732 (same product: Freerdp Freerdp)

Affected Assets

Vendor: freerdp
Product: freerdp
Versions: ≤ 3.22.0

Mitigating Controls (NIST 800-53 r5)

Prevent (SI-2 Flaw Remediation): Timely flaw remediation requires patching FreeRDP to version 3.22.0 or later, directly eliminating the heap buffer overflow vulnerability.

Prevent: Secure error handling during audio format parsing failures ensures the cleanup path releases only the entries that were actually allocated, so a parse failure cannot lead to out-of-bounds access.

Prevent (SI-10 Information Input Validation): Input validation of RDP audio format data blocks malformed packets from triggering the parse failure and subsequent buffer overflow.
