CVE-2026-35512
Received Received - Intake
Heap-Based Buffer Overflow in xrdp EGFX Allows RCE

Publication date: 2026-04-17

Last updated on: 2026-04-27

Assigner: GitHub, Inc.

Description
xrdp is an open source RDP server. Versions through 0.10.5 have a heap-based buffer overflow in the EGFX (graphics dynamic virtual channel) implementation due to insufficient validation of client-controlled size parameters, allowing an out-of-bounds write via crafted PDUs. Pre-authentication exploitation can crash the process, while post-authentication exploitation may achieve remote code execution. This issue has been fixed in version 0.10.6. If users are unable to immediately update, they should run xrdp as a non-privileged user (default since 0.10.2) to limit the impact of successful exploitation.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-17
Last Modified
2026-04-27
Generated
2026-06-16
AI Q&A
2026-04-18
EPSS Evaluated
2026-06-15
NVD
CVE-2026-35512
EUVD
EUVD-2026-23519
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
neutrinolabs xrdp to 0.10.6 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-122 A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in xrdp, an open source Remote Desktop Protocol (RDP) server. Versions up to 0.10.5 have a heap-based buffer overflow in the EGFX (graphics dynamic virtual channel) implementation. The issue is caused by insufficient validation of client-controlled size parameters, which allows an attacker to perform an out-of-bounds write by sending specially crafted Protocol Data Units (PDUs).

Exploitation can occur before authentication to crash the xrdp process, or after authentication to potentially achieve remote code execution. The vulnerability was fixed in version 0.10.6.

If immediate updating is not possible, running xrdp as a non-privileged user (which has been the default since version 0.10.2) can help limit the impact of a successful exploit.

Impact Analysis

This vulnerability can impact you by allowing an attacker to crash the xrdp service remotely without authentication, causing denial of service.

More seriously, if the attacker authenticates, they may exploit the vulnerability to execute arbitrary code remotely on the affected system, potentially gaining control over it.

This can lead to unauthorized access, data theft, system compromise, or further attacks within your network.

Running xrdp as a non-privileged user can reduce the severity of the impact if exploitation occurs.

Mitigation Strategies

To mitigate this vulnerability, you should update xrdp to version 0.10.6 or later where the issue is fixed.

If immediate update is not possible, run xrdp as a non-privileged user (which is the default since version 0.10.2) to limit the impact of a successful exploitation.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-35512. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart