CVE-2026-32105
published 2026-04-17CVE-2026-32105: xrdp is an open source RDP server. In versions through 0.10.5, xrdp does not implement verification for the Message Authentication Code (MAC) signature of…
PriorityP352high7.7CVSS 3.1
AVNACHPRNUINSUCHIHAL
EPSS
0.17%
7.1th percentile
xrdp is an open source RDP server. In versions through 0.10.5, xrdp does not implement verification for the Message Authentication Code (MAC) signature of encrypted RDP packets when using the "Classic RDP Security" layer. While the sender correctly generates signatures, the receiving logic lacks the necessary implementation to validate the 8-byte integrity signature, causing it to be silently ignored. An unauthenticated attacker with man-in-the-middle (MITM) capabilities can exploit this missing check to modify encrypted traffic in transit without detection. It does not affect connections where the TLS security layer is enforced. This issue has been fixed in version 0.10.6. If users are unable to immediately upgrade, they should configure xrdp.ini to enforce TLS security (security_layer=tls) to ensure end-to-end integrity.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| neutrinolabs | xrdp | < 0.10.6 | 0.10.6 |
CVSS provenance
nvdv3.17.7HIGHCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L
nvdv4.09.3CRITICALCVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:L/SC:H/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vendor_redhat9.3CRITICAL
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
neutrinolabs xrdp up to 0.10.5 Message xrdp.ini integrity check
vuldb·2026-04-17·CVSS 9.3
CVE-2026-32105 [CRITICAL] neutrinolabs xrdp up to 0.10.5 Message xrdp.ini integrity check
A vulnerability, which was classified as critical, has been found in neutrinolabs xrdp up to 0.10.5. Affected is an unknown function of the file xrdp.ini of the component Message Handler. This manipulation causes improper validation of integrity check value.
This vulnerability appears as CVE-2026-32105. The attack may be initiated remotely. There is no available exploit.
It is advisable to upgrade the affected component.
Red Hat
xrdp: xrdp: Data integrity compromised due to missing MAC signature verification in Classic RDP Security
vendor_redhat·2026-04-17·CVSS 9.3
CVE-2026-32105 [CRITICAL] CWE-347 xrdp: xrdp: Data integrity compromised due to missing MAC signature verification in Classic RDP Security
xrdp: xrdp: Data integrity compromised due to missing MAC signature verification in Classic RDP Security
A flaw was found in xrdp, an open-source Remote Desktop Protocol (RDP) server. When using the "Classic RDP Security" layer, xrdp fails to verify the Message Authentication Code (MAC) signature of encrypted RDP packets. This oversight allows an unauthenticated attacker with man-in-the-middle (MITM) capabilities to modify encrypted traffic as it travels between the client and server without being detected, compromising data integrity. This vulnerability does not affect connections where the Transport Layer Security (TLS) security layer is enforced.
Statement: This vulnerability in xrdp compromises data integrity when the "Classic RDP Security" layer is in use, allowing an unauthenticate
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2026-32105 xrdp: xrdp: Data integrity compromised due to missing MAC signature verification in Classic RDP Security [fedora-all]
bugzilla·2026-04-17·CVSS 9.3
CVE-2026-32105 [CRITICAL] CVE-2026-32105 xrdp: xrdp: Data integrity compromised due to missing MAC signature verification in Classic RDP Security [fedora-all]
CVE-2026-32105 xrdp: xrdp: Data integrity compromised due to missing MAC signature verification in Classic RDP Security [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Discussion:
FEDORA-EPEL-2026-ff046d13ab (xrdp-0.10.6-1.el9) has been submitted as an update to Fedora EPEL 9.
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-ff046d13ab
---
FEDORA-2026-ad9e109ad8 (xrdp-0.10.6-1.fc44) has been submitted as an update to Fedora 44.
https://bodhi.fedoraproject.org/updates/FEDORA-2026-ad9e109ad8
---
FEDORA-EPEL-2026-239e52fdeb (xrdp-0.10.6-1.el8) has been submitted as an update to Fedora EPEL 8.
Bugzilla
CVE-2026-32105 xrdp: xrdp: Data integrity compromised due to missing MAC signature verification in Classic RDP Security [epel-all]
bugzilla·2026-04-17·CVSS 9.3
CVE-2026-32105 [CRITICAL] CVE-2026-32105 xrdp: xrdp: Data integrity compromised due to missing MAC signature verification in Classic RDP Security [epel-all]
CVE-2026-32105 xrdp: xrdp: Data integrity compromised due to missing MAC signature verification in Classic RDP Security [epel-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Discussion:
FEDORA-EPEL-2026-ff046d13ab (xrdp-0.10.6-1.el9) has been submitted as an update to Fedora EPEL 9.
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-ff046d13ab
---
FEDORA-2026-ad9e109ad8 (xrdp-0.10.6-1.fc44) has been submitted as an update to Fedora 44.
https://bodhi.fedoraproject.org/updates/FEDORA-2026-ad9e109ad8
---
FEDORA-2026-9417ff0bc5 (xrdp-0.10.6-1.fc43) has been submitted as an update to Fedora 43.
https://b
Bugzilla
CVE-2026-32105 xrdp: xrdp: Data integrity compromised due to missing MAC signature verification in Classic RDP Security
bugzilla·2026-04-17·CVSS 9.3
CVE-2026-32105 [CRITICAL] CVE-2026-32105 xrdp: xrdp: Data integrity compromised due to missing MAC signature verification in Classic RDP Security
CVE-2026-32105 xrdp: xrdp: Data integrity compromised due to missing MAC signature verification in Classic RDP Security
xrdp is an open source RDP server. In versions through 0.10.5, xrdp does not implement verification for the Message Authentication Code (MAC) signature of encrypted RDP packets when using the "Classic RDP Security" layer. While the sender correctly generates signatures, the receiving logic lacks the necessary implementation to validate the 8-byte integrity signature, causing it to be silently ignored. An unauthenticated attacker with man-in-the-middle (MITM) capabilities can exploit this missing check to modify encrypted traffic in transit without detection. It does not affect connections where the TLS security layer is enforced. This issue has been fixed in version 0.10
2026-04-17
Published