CVE-2026-24683
Published: 09 February 2026
Summary
CVE-2026-24683 is a high-severity Use After Free (CWE-416) vulnerability in Freerdp Freerdp. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 5.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
Threat & Defense at a Glance
Threat & Defense Details
Likely Mitigating ControlsAI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Use-after-free exploits that achieve arbitrary code execution are blocked or significantly hardened by non-executable pages and ASLR.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Use-after-free in FreeRDP RDP input handling directly enables remote application/system crash via exploitation, mapping to T1499.004; no code execution, credential access, or lateral movement is facilitated.
NVD Description
FreeRDP is a free implementation of the Remote Desktop Protocol. ainput_send_input_event caches channel_callback in a local variable and later uses it without synchronization; a concurrent channel close can free or reinitialize the callback, leading to a use after free. Prior…
more
to 3.22.0, This vulnerability is fixed in 3.22.0.
Deeper analysisAI
CVE-2026-24683 is a use-after-free vulnerability in FreeRDP, an open-source implementation of the Remote Desktop Protocol (RDP). The issue occurs in the ainput_send_input_event function, which caches a channel_callback in a local variable and uses it later without proper synchronization. A concurrent channel close can free or reinitialize the callback, resulting in a use-after-free condition. This affects FreeRDP versions prior to 3.22.0 and is classified under CWE-416 with a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
Remote attackers with network access can exploit this vulnerability without authentication or user interaction due to its low attack complexity. By triggering the race condition through a concurrent channel close during input event processing, attackers can cause a denial of service, such as application crashes or memory corruption leading to high availability impact, though it does not enable confidentiality or integrity violations.
The FreeRDP security advisory (GHSA-45pf-68pj-fg8q) and the fixing commit (d9ca272dce7a776ab475e9b1a8e8c3d2968c8486) confirm the vulnerability was addressed in version 3.22.0 by adding proper synchronization to prevent the use-after-free. Security practitioners should update to FreeRDP 3.22.0 or later to mitigate the issue.
Details
- CWE(s)