CVE-2026-33985

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score

5.9 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:L                                    

Vulnerability Description

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, pixel data from adjacent heap memory is rendered to screen, potentially leaking sensitive data to the attacker. This issue has been patched in version 3.24.2.

Vulnerability Details

Published Date

March 30, 2026

Last Modified

March 31, 2026

CWE ID

CWE-125

Source

NVD

Vendor

FreeRDP

Product

FreeRDP

External References

https://github.com/FreeRDP/FreeRDP/commit/c49d1ad43b8c7b32794d0250f2623c2dccd7ef25
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-x6gr-8p7h-5h85

CVE-2026-33985

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment