Cyber Resilience

CVE-2026-24683

Severity: High
Published: 09 February 2026
Modified: 10 February 2026
CISA KEV: not listed
CVSS v4.0 base score: 8.7 (High)
CVSS v4.0 vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
EPSS score: 0.0047 (36.9th percentile)
Risk priority: 55 (floored blend, peak EPSS)

Summary

CVE-2026-24683 is a high-severity use-after-free (CWE-416) vulnerability in FreeRDP (CPE vendor/product freerdp:freerdp). Its CVSS v4.0 base score is 8.7 (High); the CVSS v3.1 base score is 7.5 (High).

Operationally, exploitation maps to the MITRE ATT&CK technique T1499.004 (Application or System Exploitation, Impact tactic). EPSS ranks it at the 36.9th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2026-24683 is a use-after-free vulnerability in FreeRDP, an open-source implementation of the Remote Desktop Protocol (RDP). The issue is in ainput_send_input_event, part of FreeRDP's ainput (advanced input) channel: the function reads the channel_callback pointer into a local variable and dereferences it later without synchronization. If the channel is closed concurrently, the callback object can be freed or reinitialized in between, so the later dereference is a use after free. Versions prior to 3.22.0 are affected. The issue is classified under CWE-416 and carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

The vulnerability is reachable over the network without authentication or user interaction and is rated low attack complexity. An attacker who gets a channel close to land while an input event is being sent can crash the process or corrupt memory; both CVSS vectors assign only an availability impact (A:H / VA:H), with no confidentiality or integrity impact. Because the bug is a race, triggering it depends on hitting the window between the cached read and the use, so an attacker may need repeated attempts.

The FreeRDP security advisory (GHSA-45pf-68pj-fg8q) and the fixing commit (d9ca272dce7a776ab475e9b1a8e8c3d2968c8486) confirm the issue was addressed in version 3.22.0 by synchronizing access to the callback. Update to FreeRDP 3.22.0 or later.
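The cache-then-use pattern the advisory describes, and the shape of the fix it implies, as an added example that is not FreeRDP's code: a toy channel holding a callback pointer, an unsafe send that snapshots the pointer without a lock, and a safe send that holds the channel lock across both the check and the use. All names (channel_t, callback_t, send_input_event_unsafe, send_input_event_safe, demo_unsafe_race, demo_safe_race), the race_hook used to force the close into the window, and the "mark released instead of free" bookkeeping are assumptions made for the demonstration; in real code the released object is freed and the stale dispatch would crash or corrupt the heap.

```c
#include <pthread.h>
#include <stddef.h>
#include <stdlib.h>

/* Illustrative model of the race; none of these types or names are FreeRDP's. */
typedef struct callback {
    int alive;                              /* 1 while the channel is open */
    int (*on_data)(struct callback *self, const void *buf, size_t len);
} callback_t;

typedef struct channel {
    pthread_mutex_t lock;
    callback_t *callback;                   /* NULL once the channel is closed */
    callback_t *released;                   /* kept mapped so misuse can be observed */
    void (*race_hook)(struct channel *ch);  /* demo only: runs inside the race window */
} channel_t;

/* Real code crashes or corrupts memory on a freed callback; the demo counts the misuse instead. */
static int g_use_after_release;

static int dispatch(callback_t *self, const void *buf, size_t len)
{
    (void)buf;
    if (!self->alive) g_use_after_release++;
    return (int)len;                        /* bytes "sent" */
}

channel_t *channel_open(void)
{
    channel_t *ch = calloc(1, sizeof(*ch));
    callback_t *cb = calloc(1, sizeof(*cb));
    if (!ch || !cb) { free(ch); free(cb); return NULL; }
    pthread_mutex_init(&ch->lock, NULL);
    cb->alive = 1;
    cb->on_data = dispatch;
    ch->callback = cb;
    return ch;
}

/* Close detaches the callback under the lock, then releases it. */
void channel_close(channel_t *ch)
{
    pthread_mutex_lock(&ch->lock);
    callback_t *cb = ch->callback;
    ch->callback = NULL;
    pthread_mutex_unlock(&ch->lock);
    if (cb) { cb->alive = 0; ch->released = cb; }   /* stands in for free(cb) */
}

void channel_destroy(channel_t *ch) { free(ch->callback); free(ch->released); free(ch); }

/* VULNERABLE shape: snapshot the pointer, then use it with no lock held. */
int send_input_event_unsafe(channel_t *ch, const void *buf, size_t len)
{
    callback_t *cb = ch->callback;          /* cached without synchronization */
    if (!cb) return -1;
    if (ch->race_hook) ch->race_hook(ch);   /* models the concurrent channel close */
    return cb->on_data(cb, buf, len);       /* use after free in real code */
}

/* FIXED shape: check and use happen under the lock that close() also takes. */
int send_input_event_safe(channel_t *ch, const void *buf, size_t len)
{
    pthread_mutex_lock(&ch->lock);
    callback_t *cb = ch->callback;
    int rc = cb ? cb->on_data(cb, buf, len) : -1;   /* -1: already closed */
    pthread_mutex_unlock(&ch->lock);
    return rc;
}

/* Deterministic reproduction: force the close into the unsafe window; returns misuse count. */
int demo_unsafe_race(void)
{
    unsigned char ev[8] = {0};              /* constructed input event payload */
    channel_t *ch = channel_open();
    g_use_after_release = 0;
    ch->race_hook = channel_close;
    send_input_event_unsafe(ch, ev, sizeof ev);
    channel_destroy(ch);
    return g_use_after_release;
}

static void *closer_thread(void *arg) { channel_close(arg); return NULL; }
/* Concurrent reproduction against the fixed path: a closer thread races a sender loop. */
int demo_safe_race(void)
{
    unsigned char ev[8] = {0};
    pthread_t t;
    channel_t *ch = channel_open();
    g_use_after_release = 0;
    pthread_create(&t, NULL, closer_thread, ch);
    while (send_input_event_safe(ch, ev, sizeof ev) != -1) {}
    pthread_join(t, NULL);
    channel_destroy(ch);
    return g_use_after_release;
}
```

demo_unsafe_race reports one dispatch on a released callback, because the close runs between the cached read and the use; demo_safe_race reports none, since close() cannot release the callback while the sender holds the lock, and the sender sees -1 as soon as the channel is gone. The mutex is the simplest fix shape; a reference count on the callback object would also work and avoids holding the lock across the dispatch.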

Vulnerability details

FreeRDP is a free implementation of the Remote Desktop Protocol. ainput_send_input_event caches channel_callback in a local variable and later uses it without synchronization; a concurrent channel close can free or reinitialize the callback, leading to a use after free. Versions prior to 3.22.0 are affected; this vulnerability is fixed in 3.22.0.

CWE(s): CWE-416 Use After Free

Related Threats

MITRE ATT&CK Enterprise Techniques

T1499.004 Application or System Exploitation (tactic: Impact)
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

The use-after-free in FreeRDP's RDP input handling directly enables a remote application crash, which maps to T1499.004. Both CVSS vectors assign no confidentiality or integrity impact, and the advisory describes no code execution, credential access, or lateral movement.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-27950 (same product: FreeRDP)
CVE-2026-24680 (same product: FreeRDP)
CVE-2026-24675 (same product: FreeRDP)
CVE-2026-25954 (same product: FreeRDP)
CVE-2026-24491 (same product: FreeRDP)
CVE-2026-26986 (same product: FreeRDP)
CVE-2026-24684 (same product: FreeRDP)
CVE-2026-24676 (same product: FreeRDP)
CVE-2026-24681 (same product: FreeRDP)
CVE-2026-24678 (same product: FreeRDP)

Affected Assets

freerdp:freerdp, versions prior to 3.22.0 (fixed in 3.22.0)

Mitigating Controls (NIST 800-53 r5)

SI-2 Flaw Remediation (prevent)
Directly remediates the use-after-free by requiring timely patching of FreeRDP to version 3.22.0 or later, where synchronization was added.

SI-16 Memory Protection (prevent)
Memory protection safeguards such as ASLR and DEP/NX raise the cost of turning the use-after-free into code execution or controlled memory corruption. They do not prevent the process from crashing, so the availability impact remains until the patch is applied.

Security advisory monitoring (detect)
Monitoring security advisories such as GHSA-45pf-68pj-fg8q ensures the FreeRDP vulnerability is identified and addressed promptly.