CVE-2026-33516
Out-of-Bounds Read in xrdp Causes Remote DoS and Data Leak
Publication date: 2026-04-17
Last updated on: 2026-04-27
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| neutrinolabs | xrdp | to 0.10.6 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in xrdp, an open source RDP server, in versions up to 0.10.5. It is an out-of-bounds read vulnerability that occurs during the RDP capability exchange phase. Specifically, the issue happens because memory is accessed before the remaining buffer length is validated. A remote, unauthenticated attacker can exploit this by sending a specially crafted Confirm Active PDU.
Exploitation of this vulnerability can cause the xrdp process to crash (denial of service) or potentially allow the attacker to disclose sensitive information from the process memory.
This vulnerability was fixed in version 0.10.6 of xrdp.
How can this vulnerability impact me? :
If exploited, this vulnerability can impact you by causing a denial of service, where the xrdp server process crashes and becomes unavailable.
Additionally, there is a risk of sensitive information disclosure from the process memory, which could lead to exposure of confidential data.
Since the attacker can be remote and unauthenticated, the risk is higher as no prior access is needed to trigger the vulnerability.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should upgrade xrdp to version 0.10.6 or later, where the issue has been fixed.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability in xrdp versions through 0.10.5 allows a remote unauthenticated attacker to potentially disclose sensitive information from process memory. Such a disclosure could impact compliance with data protection regulations like GDPR and HIPAA, which require safeguarding sensitive information against unauthorized access.
Additionally, the possibility of denial of service could affect system availability, which is also a consideration under these standards.
However, specific impacts on compliance depend on the context of deployment and whether the vulnerable versions are used in environments subject to these regulations.