CVE-2026-33985

← CVEs

MED 5.9

Published

2026-03-30

Last Modified

2026-04-01

Affected Apps

Affected Devices

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:L

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, pixel data from adjacent heap memory is rendered to screen, potentially leaking sensitive data to the attacker. This issue has been patched in version 3.24.2.

Affected Applications in Environment 1

freerdp v2.1.1-5.el7_9

1 device

Affected Devices 1

guru.cluster Linux

References 2

https://github.com/FreeRDP/FreeRDP/commit/c49d1ad43b8c7b32794d0250f2623c2dccd7ef25
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-x6gr-8p7h-5h85