CVE-2026-32105
MAC Verification Bypass in xrdp Classic RDP Enables MITM

Publication date: 2026-04-17

Last updated on: 2026-04-27

Assigner: GitHub, Inc.

Description
xrdp is an open source RDP server. In versions through 0.10.5, xrdp does not implement verification for the Message Authentication Code (MAC) signature of encrypted RDP packets when using the "Classic RDP Security" layer. While the sender correctly generates signatures, the receiving logic lacks the necessary implementation to validate the 8-byte integrity signature, causing it to be silently ignored. An unauthenticated attacker with man-in-the-middle (MITM) capabilities can exploit this missing check to modify encrypted traffic in transit without detection. It does not affect connections where the TLS security layer is enforced. This issue has been fixed in version 0.10.6. If users are unable to immediately upgrade, they should configure xrdp.ini to enforce TLS security (security_layer=tls) to ensure end-to-end integrity.
Meta Information
Published: 2026-04-17
Last Modified: 2026-04-27
Generated: 2026-06-21
AI Q&A: 2026-04-17
EPSS Evaluated: 2026-06-20
Affected Vendors & Products
Showing 1 associated CPE
Vendor | Product | Version / Range
neutrinolabs | xrdp | to 0.10.6 (exc)
CWE ID | Description
CWE-354 | The product does not validate or incorrectly validates the integrity check values or "checksums" of a message. This may prevent it from detecting if the data has been modified or corrupted in transmission.
Executive Summary

This vulnerability exists in xrdp versions through 0.10.5, where the software does not verify the Message Authentication Code (MAC) signature of encrypted RDP packets when using the "Classic RDP Security" layer.

While the sender generates the MAC signatures correctly, the receiving side does not validate these 8-byte integrity signatures, effectively ignoring them.

As a result, an unauthenticated attacker with man-in-the-middle (MITM) capabilities can modify encrypted traffic in transit without detection.

This issue does not affect connections that enforce the TLS security layer, and it was fixed in version 0.10.6.

Users unable to upgrade immediately should configure xrdp to enforce TLS security (security_layer=tls) to ensure end-to-end integrity.

Impact Analysis

This vulnerability allows an unauthenticated attacker with man-in-the-middle capabilities to modify encrypted RDP traffic without detection.

Such modification can compromise the confidentiality and integrity of the data transmitted during remote desktop sessions.

This could lead to unauthorized access, data tampering, or injection of malicious commands during the session.

However, connections using the TLS security layer are not affected by this vulnerability.

Mitigation Strategies

To mitigate this vulnerability immediately, you should upgrade xrdp to version 0.10.6 or later where the issue is fixed.

If upgrading is not possible right away, configure the xrdp.ini file to enforce TLS security by setting security_layer=tls. This ensures end-to-end integrity and prevents exploitation of the missing MAC signature verification.
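
An added example, not part of the advisory or the xrdp project: a Python check that reads an xrdp.ini and reports whether the security_layer=tls workaround is in effect. It assumes the setting lives in the [Globals] section, that an absent key leaves xrdp on its default of negotiate, and it treats any non-tls occurrence as a failure; the sample file is constructed.

```python
"""Audit xrdp.ini for the CVE-2026-32105 workaround (security_layer=tls)."""
import sys

# Constructed sample, not a real deployment.
SAMPLE = "\n".join([
    "[Globals]",
    "; constructed sample",
    "port=3389",
    "security_layer=negotiate",
    "crypt_level=high",
    "",
    "[Xorg]",
    "security_layer=tls",   # wrong section: must not count
])


def security_layer_settings(ini_text):
    """Return [(line_no, value)] for each security_layer key in [Globals]."""
    found, section = [], None
    for line_no, raw in enumerate(ini_text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":        # blank or commented out
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        key, sep, value = line.partition("=")
        if sep and section == "globals" and key.strip().lower() == "security_layer":
            found.append((line_no, value.strip().lower()))
    return found


def tls_enforced(ini_text):
    """True only if the key is present and every occurrence is 'tls'."""
    settings = security_layer_settings(ini_text)
    # Assumption: an absent key means xrdp falls back to 'negotiate',
    # which still allows the Classic RDP Security layer.
    return bool(settings) and all(v == "tls" for _, v in settings)


if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for line_no, value in security_layer_settings(text):
        print(f"line {line_no}: security_layer={value}")
    ok = tls_enforced(text)
    print("OK: TLS enforced" if ok else "FAIL: Classic RDP Security still permitted")
    sys.exit(0 if ok else 1)
```

Run it with the path to the deployed xrdp.ini as the only argument; the non-zero exit status on failure lets it gate a configuration-management or CI job.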

Compliance Impact

The vulnerability in xrdp versions through 0.10.5 allows an unauthenticated attacker with man-in-the-middle capabilities to modify encrypted RDP traffic without detection due to missing verification of the Message Authentication Code (MAC) signature. This lack of integrity verification can lead to unauthorized data modification during transmission.

Such a security weakness could impact compliance with standards and regulations like GDPR and HIPAA, which require ensuring the confidentiality and integrity of sensitive data in transit. Failure to detect tampering with encrypted communications may violate these requirements, potentially leading to non-compliance.

However, enforcing the TLS security layer (security_layer=tls) or upgrading to version 0.10.6 mitigates this risk by ensuring end-to-end integrity verification.
