CVE-2026-33145
Published 2026-04-17
Priority: P3 · 44 · medium · CVSS 3.1 base score 6.3
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
EPSS: 0.36% (27.5th percentile)
xrdp is an open source RDP server. Versions through 0.10.5 allow an authenticated remote user to execute arbitrary commands on the server due to unsafe handling of the AlternateShell parameter in xrdp-sesman. When the AllowAlternateShell setting is enabled (which is the default when not explicitly configured), xrdp accepts a client-supplied AlternateShell value and executes it via /bin/sh -c during session initialization. This results in shell-interpreted execution of unsanitized, user-controlled input. This behavior effectively provides a scriptable remote command execution primitive over RDP within the security context of the authenticated user, occurring prior to normal window manager startup. This can bypass expected session initialization flows and operational assumptions that restrict execution to interactive desktop environments. This issue has been fixed in version 0.10.6.
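A quick way to turn the description above into an affected/not-affected check, as an added example that is not part of this advisory or of the xrdp project: it compares an installed xrdp version string against 0.10.6 and parses a copy of sesman.ini for AllowAlternateShell, treating an absent key as enabled, exactly as the description states. The sample configurations are constructed for the example, the placement of AllowAlternateShell under [Security] is an assumption (the check scans every section, so it does not depend on it), and a distribution may backport the fix under an older version string, so treat a "vulnerable" verdict from the version test alone as a prompt to read your vendor's advisory rather than as proof.

```python
"""Assess exposure to CVE-2026-33145 (xrdp AlternateShell command execution).

Added example, not xrdp project code. Assumptions are marked inline.
"""
import configparser
import re

# Version that carries the fix, per the advisory text.
FIXED_VERSION = (0, 10, 6)

# Constructed sesman.ini samples for this example (not copied from a real host).
# Putting AllowAlternateShell under [Security] is an assumption; the check
# below scans every section, so it does not depend on that placement.
SESMAN_INI_DEFAULT = """
[Globals]
ListenAddress=127.0.0.1
ListenPort=3350

[Security]
AllowRootLogin=true
MaxLoginRetry=4

[Sessions]
X11DisplayOffset=10
MaxSessions=50

[Xorg]
param=Xorg
param=-config
param=xrdp/xorg.conf
"""

SESMAN_INI_HARDENED = SESMAN_INI_DEFAULT.replace(
    "MaxLoginRetry=4",
    "MaxLoginRetry=4\nAllowAlternateShell=false   ; refuse client-supplied shells",
)


def parse_version(version_string):
    """Return (major, minor, patch) from strings like '0.10.5' or '0.10.6-1.el9'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", version_string)
    if not m:
        raise ValueError("unrecognised xrdp version: %r" % version_string)
    return tuple(int(x) for x in m.groups())


def alternate_shell_allowed(ini_text):
    """True if sesman would honour a client-supplied AlternateShell.

    An absent key counts as enabled, matching the advisory's "default when not
    explicitly configured". strict=False is required because sesman.ini repeats
    keys such as 'param=' inside one section, which configparser otherwise rejects.
    """
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   inline_comment_prefixes=(";", "#"))
    cp.read_string(ini_text)
    for section in cp.sections():
        if cp.has_option(section, "AllowAlternateShell"):
            return cp.getboolean(section, "AllowAlternateShell")
    return True


def assess(version_string, ini_text):
    """Combine the version and configuration checks into one verdict."""
    patched = parse_version(version_string) >= FIXED_VERSION
    allowed = alternate_shell_allowed(ini_text)
    vulnerable = (not patched) and allowed
    if patched:
        action = "none: version carries the fix"
    elif allowed:
        action = "upgrade to 0.10.6; until then set AllowAlternateShell=false in sesman.ini"
    else:
        action = "AlternateShell already refused; upgrade to 0.10.6 when possible"
    return {"version_patched": patched, "alternate_shell_allowed": allowed,
            "vulnerable": vulnerable, "action": action}


if __name__ == "__main__":
    for ver, ini in (("0.10.5", SESMAN_INI_DEFAULT),
                     ("0.10.5", SESMAN_INI_HARDENED),
                     ("0.10.6-1.el9", SESMAN_INI_DEFAULT)):
        print(ver, assess(ver, ini))
```

Point the script at the version your package manager reports and at the live sesman.ini. Because AlternateShell is an ordinary field of the RDP Client Info PDU, any client that lets its user set it can supply the value, so the control has to live on the server side (the setting and the upgrade), not in client policy.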
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| neutrinolabs | xrdp | < 0.10.6 | 0.10.6 |
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2026-33145 xrdp: xrdp: Arbitrary Command Execution via unsafe handling of AlternateShell parameter [fedora-all]
bugzilla · 2026-04-20 · CVSS 6.3 · MEDIUM
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Discussion:
FEDORA-EPEL-2026-ff046d13ab (xrdp-0.10.6-1.el9) has been submitted as an update to Fedora EPEL 9.
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-ff046d13ab
---
FEDORA-2026-9417ff0bc5 (xrdp-0.10.6-1.fc43) has been submitted as an update to Fedora 43.
https://bodhi.fedoraproject.org/updates/FEDORA-2026-9417ff0bc5
---
FEDORA-2026-ad9e109ad8 (xrdp-0.10.6-1.fc44) has been submitted as an update to Fedora 44.
https://bodhi.fedoraproj
Bugzilla
CVE-2026-33145 xrdp: xrdp: Arbitrary Command Execution via unsafe handling of AlternateShell parameter [epel-all]
bugzilla · 2026-04-20 · CVSS 6.3 · MEDIUM
Discussion:
FEDORA-EPEL-2026-239e52fdeb (xrdp-0.10.6-1.el8) has been submitted as an update to Fedora EPEL 8.
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-239e52fdeb
---
FEDORA-EPEL-2026-ff046d13ab (xrdp-0.10.6-1.el9) has been submitted as an update to Fedora EPEL 9.
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-ff046d13ab
Bugzilla
CVE-2026-33145 xrdp: xrdp-sesman: xrdp: Arbitrary Command Execution via unsafe handling of AlternateShell parameter
bugzilla · 2026-04-17 · CVSS 6.3 · MEDIUM
Published: 2026-04-17