CVE-2026-24682
Published: 09 February 2026
Summary
CVE-2026-24682 is a high-severity heap-based buffer overflow (CWE-122) in FreeRDP. Its CVSS base score is 8.7 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The vulnerability ranks at the 36.9th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2026-24682 is a heap-based buffer overflow vulnerability (CWE-122) in FreeRDP, a free implementation of the Remote Desktop Protocol (RDP). The issue affects versions prior to 3.22.0 and lies in the audin_server_recv_formats function, which frees an incorrect number of audio formats (i + i) when parsing fails; the subsequent call to audio_formats_free then accesses memory out of bounds. The vulnerability has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating high severity due primarily to its availability impact.
Remote attackers with network access can exploit this vulnerability without authentication or user interaction by sending malformed RDP audio format data to a FreeRDP server. Successful exploitation triggers the out-of-bounds memory access, causing a denial-of-service condition such as application crash or server instability, with no reported impact on confidentiality or integrity.
The FreeRDP security advisory (GHSA-vcw2-pqgw-mx6g) and the fixing commit (1c5c74223179d425a1ce6dbbb6a3dd2a958b7aee) confirm that the vulnerability is addressed in version 3.22.0. Security practitioners should upgrade FreeRDP servers to 3.22.0 or later to mitigate the issue.
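The failure-path bug described above, modelled as an added example that is not FreeRDP's own code: a constructed parser fills an array of num_formats entries and, on a parse failure at index i, the cleanup asks to release either i + i entries (the pre-3.22.0 pattern) or the i entries actually parsed. The fmt_t type, the wire layout, the parse_one and formats_release helpers and the recv_formats signature are all hypothetical; formats_release refuses to step past the allocation and instead reports how many requested entries were out of bounds, which is the condition a sanitizer or hardened allocator would flag in the real code.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a parsed audio format; not FreeRDP's AUDIO_FORMAT. */
typedef struct { uint8_t* extra; size_t extra_len; } fmt_t;

/* Constructed wire layout: one length byte, then that many bytes. A length
 * byte of 0xFF stands for a format the parser rejects. Returns 0 or -1. */
static int parse_one(const uint8_t* buf, size_t len, size_t* off, fmt_t* out)
{
    if (*off >= len) return -1;
    uint8_t n = buf[*off];
    if (n == 0xFF || *off + 1 + (size_t)n > len) return -1;
    if (!(out->extra = malloc(n ? n : 1))) return -1;
    memcpy(out->extra, buf + *off + 1, n);
    out->extra_len = n;
    *off += 1 + n;
    return 0;
}

/* Releases `count` entries of an array with `capacity` slots but never steps
 * past the allocation; returns how many requested entries lay out of bounds.
 * A cleanup asking for more entries than exist is the CWE-122 condition. */
static size_t formats_release(fmt_t* formats, size_t count, size_t capacity)
{
    size_t oob = count > capacity ? count - capacity : 0;
    for (size_t k = 0; k < count - oob; k++) free(formats[k].extra);
    free(formats);
    return oob;
}

/* Parses num_formats formats from buf. On failure at index i the cleanup asks
 * for i + i entries when `buggy` is set (the pre-3.22.0 pattern) and for the
 * i parsed entries otherwise. Returns the out-of-bounds count the cleanup
 * requested; *out is non-NULL only on success, and the caller then owns it. */
static size_t recv_formats(const uint8_t* buf, size_t len, size_t num_formats, int buggy, fmt_t** out)
{
    *out = NULL;
    fmt_t* formats = calloc(num_formats, sizeof(fmt_t));
    if (!formats) return 0;
    size_t off = 0;
    for (size_t i = 0; i < num_formats; i++) {
        if (parse_one(buf, len, &off, &formats[i]) != 0)
            return formats_release(formats, buggy ? i + i : i, num_formats);
    }
    *out = formats;
    return 0;
}
```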
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-6488
Vulnerability details
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, audin_server_recv_formats frees an incorrect number of audio formats on parse failure (i + i), leading to out-of-bounds access in audio_formats_free. This vulnerability is fixed in 3.22.0.
Related Threats
MITRE ATT&CK Enterprise Techniques (AI)
Why these techniques?
Direct remote exploitation of public-facing FreeRDP server via malformed RDP data triggers application DoS through memory corruption (heap overflow).
Mitigating Controls (NIST 800-53 r5) (AI)
Timely flaw remediation requires patching FreeRDP to version 3.22.0 or later, directly eliminating the heap buffer overflow vulnerability.
Secure error handling during audio format parsing failures prevents incorrect double-free operations leading to out-of-bounds access.
Input validation of RDP audio format data blocks malformed packets from triggering the parse failure and subsequent buffer overflow.