Description
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, urb_select_interface can free the device's MS config on error but later code still dereferences it, leading to a use after free in libusb_udev_select_interface. This vulnerability is fixed in 3.22.0.
Published: 2026-02-09
Score: 7.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Memory Corruption / Remote Code Execution
Action: Patch
AI Analysis

Impact

FreeRDP includes a function that frees a device configuration on error but continues to dereference the freed object in later code. The use‑after‑free flaw in urb_select_interface allows an attacker to cause memory corruption during a Remote Desktop session, potentially leading to arbitrary code execution or denial of service when a user connects with a vulnerable client. The vulnerability is rooted in CWE‑416 and CWE‑825.

Affected Systems

The affected vendor and product is FreeRDP. All installations of FreeRDP versions earlier than 3.22.0 are affected, regardless of operating system, because the flaw is in the core library. Upgrading to version 3.22.0 or later resolves the issue.

Risk and Exploitability

The flaw has a CVSS score of 7.7, indicating high severity, but the exploit probability as measured by EPSS is below 1%, suggesting that attackers are unlikely to be actively targeting it currently. It is not listed in the CISA KEV catalog, so there are no known live exploits at this time. The threat is realistic if an attacker can influence the victim's RDP session to trigger the error path, which is possible when USB device forwarding is enabled. However, the narrow exploit window and low current exploitation likelihood mean that organizations with older FreeRDP deployments should assess the risk, monitor for related activity, and prioritize remediation.

Generated by OpenCVE AI on April 17, 2026 at 21:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade FreeRDP to version 3.22.0 or later, which removes the use‑after‑free condition.
  • Rebuild or reconfigure any downstream applications that link against the old FreeRDP library to ensure they use the updated binary.
  • If an upgrade cannot be performed immediately, disable USB device forwarding in the RDP configuration to prevent the vulnerable code path from being exercised.



Advisories
Source | ID | Title
Ubuntu USN | USN-8042-1 | FreeRDP vulnerabilities

History

Tue, 10 Feb 2026 16:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 10 Feb 2026 15:15:00 +0000

Type | Values Removed | Values Added
CPEs | | cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:*
Metrics | cvssV3_1 {'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L'} | cvssV3_1 {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}


Tue, 10 Feb 2026 12:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Freerdp; Freerdp freerdp
Vendors & Products | | Freerdp; Freerdp freerdp

Tue, 10 Feb 2026 12:15:00 +0000

Type | Values Removed | Values Added
Weaknesses | | CWE-825
References | |
Metrics | threat_severity None | cvssV3_1 {'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L'}; threat_severity Moderate


Mon, 09 Feb 2026 18:45:00 +0000

Type | Values Removed | Values Added
Description | | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, urb_select_interface can free the device's MS config on error but later code still dereferences it, leading to a use after free in libusb_udev_select_interface. This vulnerability is fixed in 3.22.0.
Title | | FreeRDP has a Heap-use-after-free in urb_select_interface
Weaknesses | | CWE-416
References | |
Metrics | | cvssV4_0 {'score': 7.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-02-10T16:02:28.619Z

Reserved: 2026-01-23T20:40:23.388Z

Link: CVE-2026-24675

Vulnrichment

Updated: 2026-02-10T15:40:12.309Z

NVD

Status: Analyzed

Published: 2026-02-09T19:15:48.743

Modified: 2026-02-10T15:05:31.817

Link: CVE-2026-24675

Redhat

Severity: Moderate

Public Date: 2026-02-09T18:14:40Z

Links: CVE-2026-24675 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-17T21:30:28Z

Weaknesses