CVE-2026-33982 · HIGH 8.1 · EPSS p8.8%

Description

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, there is a heap-buffer-overflow READ vulnerability at 24 bytes before the allocation, in winpr_aligned_offset_recalloc(). This issue has been patched in version 3.24.2.

Scoring

CVSS 3.1: 8.1 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
EPSS: 0.19% probability of exploitation · percentile 8.8% · 2026-06-19T12:03:05Z
Published: 2026-03-30
Last modified: 2026-04-01

Underlying weaknesses · 1

CWE-125

References

  1. https://github.com/FreeRDP/FreeRDP/commit/a48dbde2c8a5b8b70a9d1c045d969a71afd6284c
  2. https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-8jm9-2925-g4v2

Type: Weakness · Target: Out-of-bounds Read (cwe-125) · Confidence: 0% · Tier: live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2026-22854
  2. CVE-2026-23532
  3. CVE-2026-25941
  4. CVE-2026-22853
  5. CVE-2026-31897
  6. CVE-2026-22857

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.