Cyber Resilience

CVE-2026-24684
Severity: High
Published: 09 February 2026
Modified: 10 February 2026
CVSS Score (v4): 8.7 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0053 (40.9th percentile)
Risk Priority: 55 (floored blend, peak EPSS)

Summary

CVE-2026-24684 is a high-severity Use After Free (CWE-416) vulnerability in Freerdp Freerdp. Its CVSS base score is 8.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). Its EPSS score places it at the 40.9th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and RA-5 (Vulnerability Monitoring and Scanning).

Deeper analysis

CVE-2026-24684 is a use-after-free vulnerability (CWE-416) in FreeRDP, an open-source implementation of the Remote Desktop Protocol (RDP). The issue affects versions prior to 3.22.0 and lies in the RDPSND (RDP Sound) async playback thread: queued Protocol Data Units (PDUs) can be processed after the channel has been closed and its internal state freed, with the use after free occurring in the rdpsnd_treat_wave function. The vulnerability has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), a high severity driven primarily by its denial-of-service impact.

A remote attacker with network access to a vulnerable FreeRDP client can exploit this flaw without authentication or user interaction by sending specially crafted RDP packets that manipulate the RDPSND channel. After the channel is closed, the async thread may continue processing stale PDUs against freed memory, crashing the FreeRDP client process and causing a denial of service. The CVSS vector records no confidentiality or integrity impact; the effect is limited to availability.

The FreeRDP security advisory (GHSA-vcgv-xgjp-h83q) and related commits detail the fix implemented in version 3.22.0, with patches available at commit 622bb7b4402491ca003f47472d0e478132673696 and commit afa6851dc80835d3101e40fcef51b6c5c0f43ea5. Security practitioners should update FreeRDP clients to 3.22.0 or later to mitigate this issue, as no workarounds are specified in the provided references.

Vulnerability details

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, the RDPSND async playback thread can process queued PDUs after the channel is closed and internal state is freed, leading to a use after free in rdpsnd_treat_wave. This vulnerability is fixed in 3.22.0.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1499.004 Application or System Exploitation (tactic: Impact)
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

The use-after-free in the FreeRDP client's RDPSND handling allows a remote, unauthenticated attacker to crash the process via crafted RDP packets, which maps directly to application exploitation for endpoint denial of service.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-27950 (same product: Freerdp Freerdp)
CVE-2026-24680 (same product: Freerdp Freerdp)
CVE-2026-24675 (same product: Freerdp Freerdp)
CVE-2026-25954 (same product: Freerdp Freerdp)
CVE-2026-24491 (same product: Freerdp Freerdp)
CVE-2026-26986 (same product: Freerdp Freerdp)
CVE-2026-24676 (same product: Freerdp Freerdp)
CVE-2026-24683 (same product: Freerdp Freerdp)
CVE-2026-24681 (same product: Freerdp Freerdp)
CVE-2026-24678 (same product: Freerdp Freerdp)

Affected Assets

freerdp / freerdp: ≤ 3.22.0

Mitigating Controls (NIST 800-53 r5) (AI)

SI-2 Flaw Remediation (prevent)
Directly mandates timely patching of the use-after-free vulnerability in FreeRDP's RDPSND async thread as fixed in version 3.22.0.

Memory protection (prevent)
Provides memory protection mechanisms such as ASLR and DEP that mitigate exploitation of the use-after-free leading to client crashes.

RA-5 Vulnerability Monitoring and Scanning (detect)
Enables vulnerability scanning to identify deployments of vulnerable FreeRDP versions affected by CVE-2026-24684.