CVE-2026-27950 — Expired Pointer Dereference in Freerdp

CWE-825 — Expired Pointer Dereference6 documents6 sources

Severity

5.5MEDIUMNVD

OSV8.7

EPSS

0.1%

top 70.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Freerdp Debian Freerdp2 Debian Freerdp3

Timeline

PublishedFeb 25

Latest updateMar 18

Description

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, the fix for the heap-use-after-free described in CVE-2026-24680 is incomplete. While the vulnerable execution flow referenced in the advisory exists in the SDL2 implementation, the fix appears to have been applied only to the SDL3 code path. In the SDL2 implementation, the pointer is not nulled after free. This creates a situation where the advisory suggests the vulnerability is fully resolved, while builds…

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Affected Packages3 packages

▶NVDfreerdp/freerdp< 3.23.0

▶debiandebian/freerdp2< freerdp3 3.23.0+dfsg-1 (forky)

▶debiandebian/freerdp3< freerdp3 3.23.0+dfsg-1 (forky)

Patches

Patch: github.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

CVE-2026-27950: FreeRDP is a free implementation of the Remote Desktop Protocol↗2026-02-25

▶

📋Vendor Advisories

Ubuntu

FreeRDP vulnerabilities↗2026-03-18

▶

Red Hat

freerdp: FreeRDP: Denial of service due to incomplete fix for heap-use-after-free vulnerability↗2026-02-25

▶

Debian

CVE-2026-27950: freerdp2 - FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to versio...↗2026

▶

🕵️Threat Intelligence

Wiz

CVE-2026-27950 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶