CVE-2026-22853
Severity: CRITICAL 9.8 · EPSS percentile 37.9%

Description

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, RDPEAR’s NDR array reader does not perform bounds checking on the on‑wire element count and can write past the heap buffer allocated from hints, causing a heap buffer overflow in ndr_read_uint8Array. This vulnerability is fixed in 3.20.1.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.48% probability of exploitation · percentile 37.9% · scored 2026-06-18T12:00:27Z
Published: 2026-01-14
Last modified: 2026-01-20

Underlying weaknesses (1)

CWE-787 (Out-of-bounds Write)

References

  1. https://github.com/FreeRDP/FreeRDP/releases/tag/3.20.1
  2. https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-47v9-p4gp-w5ch

Classification (1 entry)

Type      Target                         Confidence  Tier
Weakness  Out-of-bounds Write (cwe-787)  0%          live

Related by meaning (6)

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2026-22854
  2. CVE-2026-22855
  3. CVE-2026-22852
  4. CVE-2026-33982
  5. CVE-2026-22857
  6. CVE-2026-25941

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.