CVE-2026-32623
Heap-Based Buffer Overflow in xrdp NeutrinoRDP Enables RCE

Publication date: 2026-04-17

Last updated on: 2026-04-27

Assigner: GitHub, Inc.

Description
xrdp is an open source RDP server. Versions through 0.10.5 contain a heap-based buffer overflow vulnerability in the NeutrinoRDP module. When proxying RDP sessions from xrdp to another server, the module fails to properly validate the size of reassembled fragmented virtual channel data against its allocated memory buffer. A malicious downstream RDP server (or an attacker capable of performing a Man-in-the-Middle attack) could exploit this flaw to cause memory corruption, potentially leading to a Denial of Service (DoS) or Remote Code Execution (RCE). The NeutrinoRDP module is not built by default. This vulnerability only affects environments where the module has been explicitly compiled and enabled. Users can verify if the module is built by checking for --enable-neutrinordp in the output of the xrdp -v command. This issue has been fixed in version 0.10.6.
Meta Information
Published: 2026-04-17
Last Modified: 2026-04-27
Generated: 2026-05-07
AI Q&A: 2026-04-17
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Vendor: neutrinolabs
Product: xrdp
Version / Range: up to 0.10.6 (exclusive)
CWE ID: CWE-122
Description: A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in xrdp, an open source Remote Desktop Protocol (RDP) server, specifically in its NeutrinoRDP module up to version 0.10.5.

The issue is a heap-based buffer overflow caused by improper validation of the size of reassembled fragmented virtual channel data against its allocated memory buffer when proxying RDP sessions.

A malicious downstream RDP server or an attacker capable of performing a Man-in-the-Middle attack could exploit this flaw to cause memory corruption.

This memory corruption can potentially lead to Denial of Service (DoS) or Remote Code Execution (RCE).

The vulnerability only affects environments where the NeutrinoRDP module has been explicitly compiled and enabled.

It was fixed in version 0.10.6 of xrdp.


How can this vulnerability impact me?

If you are using xrdp with the NeutrinoRDP module enabled, this vulnerability could allow an attacker to cause memory corruption.

The impact of this memory corruption could be a Denial of Service (DoS), making the service unavailable.

More severely, it could allow Remote Code Execution (RCE), enabling an attacker to execute arbitrary code on the affected system.

This could lead to full system compromise depending on the privileges of the xrdp process.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

To detect this vulnerability on your system, you can check if the NeutrinoRDP module is built and enabled in your xrdp installation. This can be done by running the command 'xrdp -v' and verifying if the output includes the flag '--enable-neutrinordp'.
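
The check described above can be scripted for fleet triage. This is an added example, not part of the original advisory or the xrdp project; the function names, the status labels and the sample output are constructed, and it assumes the first line of `xrdp -v` has the form "xrdp <version>".

```shell
#!/bin/sh
# Added example: classify an xrdp build from the text printed by `xrdp -v`.
# Facts taken from the advisory: fixed in 0.10.6; only builds configured with
# --enable-neutrinordp are affected. Everything else here is illustrative.

# version_lt A B: succeeds when dotted version A sorts strictly before B.
# Numeric per-field sort, so 0.9.17 is correctly older than 0.10.6.
version_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" |
            sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)" = "$1" ]
}

# classify_xrdp: reads `xrdp -v` output on stdin and prints one label:
#   VULNERABLE  version below 0.10.6 and NeutrinoRDP compiled in
#   NOT_BUILT   version below 0.10.6 but module not compiled in
#   FIXED       version 0.10.6 or later
#   UNKNOWN     no version could be parsed from the first line
classify_xrdp() {
    out=$(cat)
    # Assumption: first line looks like "xrdp 0.10.5"; any suffix is ignored.
    ver=$(printf '%s\n' "$out" |
        sed -n '1s/^xrdp[[:space:]]*\([0-9][0-9.]*\).*/\1/p')
    [ -n "$ver" ] || { echo UNKNOWN; return 0; }
    if ! version_lt "$ver" "0.10.6"; then
        echo FIXED
        return 0
    fi
    if printf '%s\n' "$out" | grep -q -e '--enable-neutrinordp'; then
        echo VULNERABLE
    else
        echo NOT_BUILT
    fi
}

# Constructed sample of `xrdp -v` output (not captured from a real host).
SAMPLE_PROXY_BUILD='xrdp 0.10.5
  Configure options:
      --enable-fuse
      --enable-neutrinordp'

printf '%s\n' "$SAMPLE_PROXY_BUILD" | classify_xrdp

# On a real host: xrdp -v | classify_xrdp
```
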


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include upgrading xrdp to version 0.10.6 or later, where this vulnerability has been fixed.

If upgrading is not immediately possible, ensure that the NeutrinoRDP module is not enabled or compiled in your xrdp build, as the vulnerability only affects environments where this module is explicitly compiled and enabled.

