Cyber Posture

CVE-2026-33985

Severity: Medium
Published: 30 March 2026
Modified: 01 April 2026
KEV Added: not listed
Patch: available (fixed in version 3.24.2)
CVSS Score: 5.9 (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:L)
EPSS Score: 0.0005 (14.7th percentile)
Risk Priority: 12 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2026-33985 is a medium-severity Out-of-bounds Read (CWE-125) vulnerability in FreeRDP (vendor freerdp, product freerdp). Its CVSS base score is 5.9 (Medium).

Operationally, its EPSS score places it at the 14.7th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-10 (Software Usage Restrictions) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) [AI-generated]

- prevent: Directly mandates timely identification, reporting, and patching of the out-of-bounds read vulnerability in FreeRDP versions prior to 3.24.2 to eliminate the heap memory disclosure.
- prevent: Restricts execution of unauthorized or vulnerable FreeRDP software versions on systems, preventing use of affected RDP clients.
- prevent: Prohibits installation and execution of user-installed vulnerable FreeRDP clients, mitigating risks from user-initiated deployment in UI:R exploitation scenarios.

MITRE ATT&CK Enterprise Techniques [AI-generated]

Insufficient information to map techniques.
Confidence: LOW · MITRE ATT&CK Enterprise v18.1

NVD Description

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, pixel data from adjacent heap memory is rendered to screen, potentially leaking sensitive data to the attacker. This issue has been patched in version 3.24.2.

Deeper analysis [AI-generated]

CVE-2026-33985 affects FreeRDP, an open-source implementation of the Remote Desktop Protocol (RDP), in versions prior to 3.24.2. The vulnerability involves pixel data from adjacent heap memory being incorrectly rendered to the screen due to out-of-bounds read (CWE-125) and insufficient buffer size handling (CWE-131) issues. Published on March 30, 2026, it has a CVSS v3.1 base score of 5.9 (AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:L), indicating medium severity primarily due to high confidentiality impact.

An attacker can exploit this over the network by tricking a user into connecting a vulnerable FreeRDP client to a malicious RDP server. Exploitation requires high attack complexity and user interaction, such as the victim initiating the RDP session, with no privileges needed on the target system. Successful exploitation renders sensitive data from adjacent heap memory as pixels on the screen, leaking it to the attacker who can observe it during the session.

The FreeRDP security advisory (GHSA-x6gr-8p7h-5h85) and associated patch commit (c49d1ad43b8c7b32794d0250f2623c2dccd7ef25) confirm the issue is fixed in version 3.24.2. Security practitioners should update to this version or later to mitigate the risk of information disclosure.

Details

CWE(s): CWE-125 (Out-of-bounds Read), CWE-131 (Incorrect Calculation of Buffer Size)

Affected Products

Vendor: freerdp
Product: freerdp
Versions: ≤ 3.24.2

CVEs Like This One

All of the following affect the same product (FreeRDP):

- CVE-2026-25942
- CVE-2026-22855
- CVE-2026-31885
- CVE-2026-31897
- CVE-2026-33982
- CVE-2026-22859
- CVE-2026-33986
- CVE-2026-25941
- CVE-2026-33984
- CVE-2026-22858
