Vulnerabilities ›

CVE-2026-24682

High

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, audin_server_recv_formats frees an incorrect number of audio formats on parse failure (i + i), leading to out-of-bound

CWE-122 — Weakness Type

                    Published: Feb 9, 2026                      ·  Modified: Feb 28, 2026                      ·  Source: NVD                

CVSS v3

7.5

🔗 NVD Official

📄 Description (English)

🤖 AI Executive Summary

FreeRDP versions prior to 3.22.0 contain a buffer overflow vulnerability in audio format parsing that frees incorrect memory amounts, causing out-of-bounds access. This affects remote desktop protocol implementations used in enterprise environments for secure remote access.

📄 Description (Arabic)

تحتوي نسخ FreeRDP السابقة للإصدار 3.22.0 على ثغرة في معالجة صيغ الصوت حيث يتم تحرير عدد غير صحيح من صيغ الصوت (i + i) عند فشل التحليل. يؤدي هذا إلى الوصول خارج الحدود في دالة audio_formats_free مما قد يسبب تعطل الخدمة أو تنفيذ كود عشوائي.

🤖 ملخص تنفيذي (AI)

🤖 AI Intelligence Analysis Analyzed: May 4, 2026 15:01

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: high

🏢 Affected Saudi Sectors

banking government telecom healthcare

🎯 MITRE ATT&CK Techniques

T1021.001 T1190

⚖️ Saudi Risk Score (AI)

7.0

/ 10.0

🔧 Remediation Steps (English)

Upgrade FreeRDP to version 3.22.0 or later immediately. For organizations unable to upgrade immediately, restrict RDP access to trusted networks only, disable audio redirection features if not required, and monitor for suspicious RDP connection attempts.

🔧 خطوات المعالجة (العربية)

قم بترقية FreeRDP إلى الإصدار 3.22.0 أو أحدث فوراً. للمنظمات غير القادرة على الترقية، قيّد الوصول إلى RDP للشبكات الموثوقة فقط، وعطّل ميزات إعادة توجيه الصوت إذا لم تكن مطلوبة، وراقب محاولات الاتصال المريبة.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

2.1 2.2 3.1

🔵 SAMA CSF

ID.AM-2 PR.PT-1

🟡 ISO 27001:2022

A.12.2.1 A.14.2.1

🔗 References & Sources 2

🔗

https://github.com/FreeRDP/FreeRDP/commit/1c5c74223179d425a1ce6dbbb6a3dd2a958b7aee

security-advisories@github.com

Patch

🔗

https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-vcw2-pqgw-mx6g

security-advisories@github.com

Patch Vendor Advisory

📦 Affected Products / CPE 1 entries

freerdp:freerdp

📊 CVSS Score

7.5

/ 10.0 — High

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredN — None / Network

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityN — None / Network

IntegrityN — None / Network

AvailabilityH — High

📋 Quick Facts

Severity High

CVSS Score7.5

CWECWE-122

EPSS0.02%

Exploit No

Patch ✓ Yes

Published 2026-02-09

Source Feed nvd

🇸🇦 Saudi Risk Score

7.0

/ 10.0 — Saudi Risk

Priority: HIGH

🏷️ Tags

patch-available CWE-122

🏢 Vendor Advisories

🔗 https://github.com/FreeRDP/FreeRDP/security/advisori...

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

💬 Comments

Loading comments

CVE-2026-24682

💬 Comments

Introduce Yourself

Sign In Required