CVE-2026-33952
Received Received - Intake

Assertion Failure DoS in FreeRDP RPC-over-HTTP Gateway Transport

Vulnerability report for CVE-2026-33952, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-03-30

Last updated on: 2026-04-02

Assigner: GitHub, Inc.

Description

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, an unvalidated auth_length field read from the network triggers a WINPR_ASSERT() failure in rts_read_auth_verifier_no_checks(), causing any FreeRDP client connecting through a malicious RDP Gateway to crash with SIGABRT. This is a pre-authentication denial of service affecting all FreeRDP clients using RPC-over-HTTP gateway transport. The assertion is active in default release builds (WITH_VERBOSE_WINPR_ASSERT=ON). This issue has been patched in version 3.24.2.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-03-30
Last Modified
2026-04-02
Generated
2026-07-06
AI Q&A
2026-03-31
EPSS Evaluated
2026-07-05
NVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
freerdp freerdp to 3.24.2 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-617 The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in FreeRDP, a free implementation of the Remote Desktop Protocol. Before version 3.24.2, an unvalidated auth_length field read from the network causes a WINPR_ASSERT() failure in the function rts_read_auth_verifier_no_checks(). This failure leads to the FreeRDP client crashing with a SIGABRT signal when connecting through a malicious RDP Gateway.

The issue is a pre-authentication denial of service affecting all FreeRDP clients that use RPC-over-HTTP gateway transport. The assertion failure is active in default release builds with verbose assertions enabled. The vulnerability has been fixed in version 3.24.2.

Impact Analysis

This vulnerability can cause FreeRDP clients to crash unexpectedly when connecting through a malicious RDP Gateway. This results in a denial of service, preventing legitimate users from establishing remote desktop connections.

Since the crash occurs before authentication, it can be exploited by attackers to disrupt services without needing valid credentials.

Mitigation Strategies

To mitigate this vulnerability, update all FreeRDP clients to version 3.24.2 or later, where the issue has been patched.

Avoid using RPC-over-HTTP gateway transport with vulnerable FreeRDP clients until they are updated.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-33952. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart