CVE-2026-32624
Published: 17 April 2026
Summary
CVE-2026-32624 is a medium-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Neutrinolabs Xrdp. Its CVSS base score is 6.3 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 29.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-23506
Vulnerability details
xrdp is an open source RDP server. Versions through 0.10.5 contain a heap-based buffer overflow vulnerability in its logon processing. In environments where domain_user_separator is configured in xrdp.ini, an unauthenticated remote attacker can send a crafted, excessively long username and…
more
domain name to overflow the internal buffer. This can corrupt adjacent memory regions, potentially leading to a Denial of Service (DoS) or unexpected behavior. The domain_name_separator directive is commented out by default, systems are not affected by this vulnerability unless it is intentionally configured. This issue has been fixed in version 0.10.6.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Heap buffer overflow in public-facing xrdp RDP server logon allows unauthenticated remote exploitation leading to DoS or unexpected behavior.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.