216.73.216.86

CVE-2026-26271

· Published 25/02/2026 21:16 · Modified 25/02/2026 21:16

Labels: CVE-2026-26271 2026-02-25CVE-2026-26271CWE-126[email protected]

Essential information

Published
25/02/2026 21:16
Modified
25/02/2026 21:16
Author
Creator
CVSS
5.5 MEDIUM (v3) 5.5 MEDIUM (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, a buffer overread in `freerdp_image_copy_from_icon_data()` (libfreerdp/codec/color.c) can be triggered by crafted RDP Window Icon (TS_ICON_INFO) data. The bug is reachable over the network when a client processes icon data from an RDP server (or from a man-in-the-middle). Version 3.23.0 fixes the issue.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
freerdp / freerdp cpe:2.3:a:freerdp:freerdp:<3.23.0:*:*:*:*:*:*:*

References