CVE-2026-24683
Published: 09 February 2026
Summary
CVE-2026-24683 is a high-severity Use After Free (CWE-416) vulnerability in FreeRDP. Its CVSS base score is 8.7 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 36.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-16 (Memory Protection).
Deeper analysis
CVE-2026-24683 is a use-after-free vulnerability in FreeRDP, an open-source implementation of the Remote Desktop Protocol (RDP). The issue occurs in the ainput_send_input_event function, which caches a channel_callback in a local variable and uses it later without proper synchronization. A concurrent channel close can free or reinitialize the callback, resulting in a use-after-free condition. This affects FreeRDP versions prior to 3.22.0 and is classified under CWE-416 with a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
Remote attackers with network access can exploit this vulnerability without authentication or user interaction due to its low attack complexity. By triggering the race condition through a concurrent channel close during input event processing, attackers can cause a denial of service, such as application crashes or memory corruption leading to high availability impact, though it does not enable confidentiality or integrity violations.
The FreeRDP security advisory (GHSA-45pf-68pj-fg8q) and the fixing commit (d9ca272dce7a776ab475e9b1a8e8c3d2968c8486) confirm the vulnerability was addressed in version 3.22.0 by adding proper synchronization to prevent the use-after-free. Security practitioners should update to FreeRDP 3.22.0 or later to mitigate the issue.
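The race described above, modelled as an added C example. This is constructed illustration, not FreeRDP's code and not the project's actual fix: the types `channel` and `channel_callback`, the functions `send_input_vulnerable` and `send_input_fixed`, the reference-counted callback, and the stand-in lock are all assumptions. The `race` hook stands in for the second thread winning the race between the moment the callback pointer is cached and the moment it is used; the fixed variant pins the object with a reference taken under the lock, which is one standard way to close that window.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed, single-threaded model of a cached-callback use-after-free.
 * Added illustration, not FreeRDP code: names, the reference-counted
 * callback and the stand-in lock are assumptions for this example. */

enum { SENT = 0, CLOSED = 1, DANGLING = -1 };

typedef struct {
    int (*on_input)(int code);
    int refs;                    /* modified only with the channel lock held */
} channel_callback;

typedef struct {
    bool locked;                 /* stand-in for a real mutex (pthread_mutex_t) */
    channel_callback *callback;  /* NULL once the channel is closed */
} channel;

int callback_frees = 0;          /* how many callback objects were released */

static void chan_lock(channel *ch)   { if (ch->locked) abort(); ch->locked = true; }
static void chan_unlock(channel *ch) { if (!ch->locked) abort(); ch->locked = false; }

static int double_it(int code) { return code * 2; }   /* sample input handler */

/* Drop one reference; the object is released with the last one. */
static void callback_put_locked(channel_callback *cb)
{
    if (--cb->refs == 0) { free(cb); callback_frees++; }
}

channel *channel_open(void)
{
    channel *ch = calloc(1, sizeof *ch);
    if (!ch) return NULL;
    ch->callback = calloc(1, sizeof *ch->callback);
    if (!ch->callback) { free(ch); return NULL; }
    ch->callback->on_input = double_it;
    ch->callback->refs = 1;      /* the channel's own reference */
    return ch;
}

/* Close drops the channel's reference and clears the pointer. A sender that
 * still holds a reference keeps the object alive until it is done with it. */
void channel_close(channel *ch)
{
    chan_lock(ch);
    if (ch->callback) { callback_put_locked(ch->callback); ch->callback = NULL; }
    chan_unlock(ch);
}

/* Vulnerable pattern: snapshot the pointer, then use it after a window in
 * which another thread may close the channel. `race` stands in for that
 * thread winning. Dereferencing the released object would be undefined
 * behaviour, so the stale case is reported instead of executed. */
int send_input_vulnerable(channel *ch, int code, void (*race)(channel *), int *out)
{
    channel_callback *cb = ch->callback;     /* unsynchronised snapshot */
    if (!cb) return CLOSED;
    if (race) race(ch);                      /* concurrent close lands here */
    if (cb != ch->callback) return DANGLING; /* cb was freed: use-after-free */
    *out = cb->on_input(code);
    return SENT;
}

/* Fixed pattern: take a reference under the lock so the callback cannot be
 * released while in use, and drop it afterwards. */
int send_input_fixed(channel *ch, int code, void (*race)(channel *), int *out)
{
    chan_lock(ch);
    channel_callback *cb = ch->callback;
    if (!cb) { chan_unlock(ch); return CLOSED; }
    cb->refs++;
    chan_unlock(ch);

    if (race) race(ch);                      /* close may run now; cb stays alive */
    *out = cb->on_input(code);

    chan_lock(ch);
    callback_put_locked(cb);                 /* last reference releases the object */
    chan_unlock(ch);
    return SENT;
}

void channel_free(channel *ch)
{
    channel_close(ch);
    free(ch);
}

int main(void)
{
    int out = 0;
    channel *ch = channel_open();
    printf("vulnerable, close in window: %d\n",
           send_input_vulnerable(ch, 21, channel_close, &out));
    channel_free(ch);

    ch = channel_open();
    printf("fixed, close in window: %d out=%d\n",
           send_input_fixed(ch, 21, channel_close, &out), out);
    channel_free(ch);
    return 0;
}
```

The defender-side point is the shape of the fix, not the crash: any pointer read outside the lock that protects its owner's lifetime must either be used entirely under that lock or be pinned (here by a reference count) for as long as it is in use. Reviewing channel-close paths for cached pointers of this kind is a cheap way to find the same bug class elsewhere.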
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-6490
Vulnerability details
FreeRDP is a free implementation of the Remote Desktop Protocol. ainput_send_input_event caches channel_callback in a local variable and later uses it without synchronization; a concurrent channel close can free or reinitialize the callback, leading to a use after free. This affects versions prior to 3.22.0. This vulnerability is fixed in 3.22.0.
- CWE(s): CWE-416 (Use After Free)
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Use-after-free in FreeRDP RDP input handling directly enables remote application/system crash via exploitation, mapping to T1499.004; no code execution, credential access, or lateral movement is facilitated.
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): directly remediates the use-after-free by requiring timely patching of FreeRDP to version 3.22.0 or later, where synchronization was added.
- SI-16 (Memory Protection): implements memory protection safeguards such as ASLR and DEP that reduce the impact of exploiting the use-after-free to cause crashes or memory corruption.
- Monitoring of security advisories such as GHSA-45pf-68pj-fg8q ensures the FreeRDP vulnerability is identified and addressed promptly.