CVE-2026-44422
Heap Use-After-Free in FreeRDP Client
Publication date: 2026-05-29
Last updated on: 2026-05-29
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| freerdp | freerdp | to 3.26.0 (inc) |
| freerdp | freerdp | to 3.26.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-415 | The product calls free() twice on the same memory address. |
| CWE-416 | The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in FreeRDP's RDPEAR NDR parser, which improperly handles non-null NDR pointer ref-ids. When the same ref-id is reused across multiple pointer fields, the parser assigns the same heap object to these fields without tracking the object's expected type or ownership.
As a result, when the generic destructor later processes these fields independently, it frees the same memory twice, causing a heap use-after-free and double-free condition. This can lead to client-side memory corruption.
Additionally, the vulnerability allows cross-type aliasing, where one object type can be misinterpreted as another, causing heap out-of-bounds reads and type confusion.
An attacker can exploit this by sending malicious RDPEAR NDR data to a FreeRDP client, triggering these memory corruption issues.
How can this vulnerability impact me? :
This vulnerability can cause client-side memory corruption in the FreeRDP client, which may lead to instability or crashes.
While it does not guarantee reliable remote code execution, the memory corruption could potentially be leveraged by an attacker to execute arbitrary code or cause denial of service.
Exploitation requires user interaction and involves network-based attacks with high complexity.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should upgrade your FreeRDP client to version 3.26.0 or later, where the issue has been fixed.
Avoid using vulnerable versions of FreeRDP (up to 3.25.0) especially when connecting to untrusted or potentially malicious servers.
Since the vulnerability requires user interaction and involves network-based attacks, exercising caution when connecting to unknown Remote Desktop servers can reduce risk.