Description
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, a NULL pointer dereference vulnerability in rdp_write_logon_info_v2() allows a malicious RDP server to crash FreeRDP proxy by sending a specially crafted LogonInfoV2 PDU with cbDomain=0 or cbUserName=0. This vulnerability is fixed in 3.22.0.
Published: 2026-02-09
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Apply Patch
AI Analysis

Impact

A NULL pointer dereference in the rdp_write_logon_info_v2 function within FreeRDP can be triggered by a malicious RDP server that sends a specially crafted LogonInfoV2 PDU. The attacker can cause the client to crash by setting either the cbDomain or cbUserName field length to zero. This flaw does not provide code execution but results in a denial of service by terminating the client, representing a classic null pointer dereference weakness (CWE‑476).

Affected Systems

All releases of FreeRDP prior to version 3.22.0 are affected. The patch that resolves the issue is included in the 3.22.0 release, so any client using an earlier version of the open‑source Remote Desktop Protocol implementation is vulnerable. An attacker only needs to pose as an RDP server and send the malformed PDU; no local privileges on the client are required.

Risk and Exploitability

The CVSS score of 6.9 indicates a moderate severity with an impact on availability. The EPSS score of less than 1% suggests a low probability of exploitation in the wild, and the vulnerability is not listed in the CISA KEV catalog, meaning no actively circulating zero‑day exploit is known. However, because the flaw can be triggered remotely by any server to which the user connects, the potential for opportunistic denial of service remains realistic. An attacker could impersonate a legitimate RDP server to cause client crashes, or use the flaw as part of a larger attack chain, though no immediate elevation of privileges is afforded.

Generated by OpenCVE AI on April 17, 2026 at 21:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade FreeRDP to version 3.22.0 or later to apply the official fix.
  • Limit FreeRDP client usage to connections with trusted, known RDP servers, and consider whitelisting servers in your environment.
  • Apply network segmentation or firewall rules to restrict RDP traffic and monitor for anomalous LogonInfoV2 PDUs, thereby reducing the attack surface.

Generated by OpenCVE AI on April 17, 2026 at 21:24 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Ubuntu USN Ubuntu USN USN-8042-1 FreeRDP vulnerabilities
History

Tue, 10 Feb 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 10 Feb 2026 15:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L'}

 cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

Tue, 10 Feb 2026 12:45:00 +0000

Type Values Removed Values Added
First Time appeared Freerdp
Freerdp freerdp
Vendors & Products Freerdp
Freerdp freerdp

Tue, 10 Feb 2026 12:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L'}

threat_severity

Moderate

Mon, 09 Feb 2026 18:45:00 +0000

Type Values Removed Values Added
Description FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, a NULL pointer dereference vulnerability in rdp_write_logon_info_v2() allows a malicious RDP server to crash FreeRDP proxy by sending a specially crafted LogonInfoV2 PDU with cbDomain=0 or cbUserName=0. This vulnerability is fixed in 3.22.0.
Title FreeRDP has a NULL Pointer Dereference in rdp_write_logon_info_v2()
Weaknesses CWE-476
References
Metrics cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N'}

Subscriptions

Freerdp Freerdp
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-02-10T16:02:38.268Z

Reserved: 2026-01-19T14:49:06.312Z

Link: CVE-2026-23948

cve-icon Vulnrichment

Updated: 2026-02-10T15:40:15.305Z

cve-icon NVD

Status : Analyzed

Published: 2026-02-09T19:15:47.627

Modified: 2026-02-10T15:09:11.707

Link: CVE-2026-23948

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-02-09T18:12:00Z

Links: CVE-2026-23948 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-17T21:30:28Z

Weaknesses