Cyber Resilience

CVE-2026-32107

High

Published: 17 April 2026
Modified: 27 April 2026
CVSS Score v3.1: 8.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
EPSS Score: 0.0016 (5.4th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2026-32107 is a high-severity Improper Check for Dropped Privileges (CWE-273) vulnerability in Neutrinolabs Xrdp. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 5.4th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and SI-11 (Error Handling).

Deeper analysis

CVE-2026-32107 affects xrdp, an open source Remote Desktop Protocol (RDP) server, in versions through 0.10.5. The vulnerability resides in the session execution component, which fails to properly handle an error during the privilege drop process. This is an improper check for dropped privileges (CWE-273), a form of improper privilege management that enables potential privilege escalation. The issue has a CVSS v3.1 base score of 8.8 (AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H): the attack vector is local, attack complexity is low, only low privileges are required, and the impact on confidentiality, integrity, and availability is high with a changed scope.

An authenticated local attacker could exploit this flaw to escalate privileges to root and execute arbitrary code on the affected system. Exploitation requires initial local access with low privileges and an additional exploit to facilitate the privilege drop failure, after which the mishandled error allows the attacker to bypass intended restrictions.

The xrdp project has addressed this vulnerability in version 0.10.6, as detailed in the release notes and security advisory. Security practitioners should upgrade to v0.10.6 or later to mitigate the risk, with further details available in the GitHub release at https://github.com/neutrinolabs/xrdp/releases/tag/v0.10.6 and the advisory at https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-p5m6-7m43-pjv9.
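An added illustration of the CWE-273 pattern described above, not xrdp's code and not taken from the advisory: it contrasts a privilege drop whose results are ignored with one that checks every step and verifies the resulting identity before a session program may start. The `priv_ops` struct, the simulated credential functions and the uid/gid value 1000 are assumptions made so the failure path can run without root.

```c
/* Generic CWE-273 illustration; constructed, not xrdp source code. */
#include <stdio.h>
#include <sys/types.h>

/* Hypothetical indirection so the failure path runs without root (simulated below). */
struct priv_ops {
    int (*set_groups)(size_t n, const gid_t *list);
    int (*set_gid)(gid_t gid);
    int (*set_uid)(uid_t uid);
    uid_t (*get_euid)(void); gid_t (*get_egid)(void);
};

/* Weak pattern: results ignored, so a failed drop goes unnoticed. */
static void drop_unchecked(const struct priv_ops *o, uid_t uid, gid_t gid) {
    o->set_groups(1, &gid);
    o->set_gid(gid);
    o->set_uid(uid);
}

/* Hardened pattern: check each step, then verify the resulting identity. */
static int drop_checked(const struct priv_ops *o, uid_t uid, gid_t gid) {
    if (o->set_groups(1, &gid) != 0) return -1; /* supplementary groups first */
    if (o->set_gid(gid) != 0) return -1;        /* gid while still privileged */
    if (o->set_uid(uid) != 0) return -1;        /* uid last */
    if (o->get_euid() != uid || o->get_egid() != gid) return -1;
    return 0;
}

/* Constructed process-credential simulation; starts as root (uid 0). */
static uid_t sim_uid; static gid_t sim_gid; static int sim_fail;
static int sim_setgroups(size_t n, const gid_t *l) { (void)n; (void)l; return 0; }
static int sim_setgid(gid_t g) { sim_gid = g; return 0; }
static int sim_setuid(uid_t u) { if (sim_fail) return -1; sim_uid = u; return 0; }
static uid_t sim_geteuid(void) { return sim_uid; }
static gid_t sim_getegid(void) { return sim_gid; }
static const struct priv_ops SIM = { sim_setgroups, sim_setgid, sim_setuid, sim_geteuid, sim_getegid };

/* uid the session program would run as; -1 means the launch was refused. */
static long session_uid(int hardened, int fail_setuid) {
    sim_uid = 0; sim_gid = 0; sim_fail = fail_setuid;
    if (!hardened) drop_unchecked(&SIM, 1000, 1000);
    else if (drop_checked(&SIM, 1000, 1000) != 0) return -1;
    return (long)sim_uid;
}
int main(void) {
    printf("unchecked, failed drop -> uid %ld\n", session_uid(0, 1));
    printf("checked,   failed drop -> uid %ld\n", session_uid(1, 1));
    return 0;
}
```

With the simulated failure, the unchecked variant leaves the session at uid 0, while the checked variant refuses to launch.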

Vulnerability details

xrdp is an open source RDP server. In versions through 0.10.5, the session execution component did not properly handle an error during the privilege drop process. This improper privilege management could allow an authenticated local attacker to escalate privileges to root and execute arbitrary code on the system. An additional exploit would be needed to facilitate this. This issue has been fixed in version 0.10.6.

CWE(s)

CWE-273: Improper Check for Dropped Privileges

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1068 Exploitation for Privilege Escalation (Tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

The described improper privilege management flaw (failed privilege drop in xrdp session execution) is directly exploitable by a local attacker to escalate from low privileges to root and execute arbitrary code, mapping to T1068 Exploitation for Privilege Escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-35512 (same product: Neutrinolabs Xrdp)
CVE-2026-33689 (same product: Neutrinolabs Xrdp)
CVE-2026-32623 (same product: Neutrinolabs Xrdp)
CVE-2026-33516 (same product: Neutrinolabs Xrdp)
CVE-2026-32105 (same product: Neutrinolabs Xrdp)
CVE-2025-27396 (shared CWE-273)
CVE-2025-68670 (same product: Neutrinolabs Xrdp)
CVE-2026-21882 (shared CWE-273)
CVE-2026-0099 (shared CWE-273)

Affected Assets

neutrinolabs
xrdp
≤ 0.10.6

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

Prevent: Enforces least privilege for xrdp session processes, directly preventing escalation to root even if privilege drop fails due to error mishandling.

Prevent: Requires secure error handling that does not compromise security attributes, addressing the specific failure to properly handle privilege drop errors in xrdp.

Prevent: Mandates timely flaw remediation by patching xrdp to version 0.10.6 or later, eliminating the improper privilege management vulnerability.
