Description
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, A capture thread sends sample responses using a freed channel callback after a device channel close, leading to a use after free in ecam_channel_write. This vulnerability is fixed in 3.22.0.
Published: 2026-02-09
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Crash or Code Execution
Action: Immediate Patch
AI Analysis

Impact

FreeRDP versions before 3.22.0 contain a camera capture thread that, after a device channel is closed, calls a freed channel callback while sending sample responses. This results in a heap use‑after‑free inside the ecam_channel_write function. The flaw can cause the process to crash; depending on the state of the heap, an attacker might gain the ability to execute arbitrary code. The primary weakness is a use‑after‑free (CWE‑416) and an improper handling of return values (CWE‑825).

Affected Systems

All FreeRDP installations using versions earlier than 3.22.0 are affected, as the vulnerability was removed in the 3.22.0 release. No information is available indicating that other forks or custom builds are impacted.

Risk and Exploitability

The CVSS score of 8.7 indicates a high severity. The reported EPSS score of < 1% suggests that widespread exploitation is currently unlikely, and the CVE is not listed in the CISA KEV catalog. The likely attack vector is an RDP session that utilizes the camera virtual channel, as the flaw is only reached when the capture thread is active. This inference is based on the component involved; no explicit exploitation guidance is provided in the advisory. |The risk to systems depends on whether the vulnerable camera channel is exposed and whether an attacker can initiate an RDP session that triggers the capture thread.

Generated by OpenCVE AI on April 18, 2026 at 20:08 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply FreeRDP 3.22.0 or newer to eliminate the use‑after‑free path (CWE‑416).
  • If an update cannot be applied immediately, disable the camera virtual channel on the RDP server or client to prevent the capture thread from executing.
  • Ensure that all return values in code interacting with the camera channel are properly validated and handled to address CWE‑825 and reduce the chance of similar vulnerabilities arising.

Generated by OpenCVE AI on April 18, 2026 at 20:08 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Ubuntu USN Ubuntu USN USN-8042-1 FreeRDP vulnerabilities
History

Tue, 10 Feb 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 10 Feb 2026 15:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L'}

 cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

Tue, 10 Feb 2026 12:45:00 +0000

Type Values Removed Values Added
First Time appeared Freerdp
Freerdp freerdp
Vendors & Products Freerdp
Freerdp freerdp

Tue, 10 Feb 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-825
References
Metrics threat_severity

None

 cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L'}

threat_severity

Important

Mon, 09 Feb 2026 18:45:00 +0000

Type Values Removed Values Added
Description FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, A capture thread sends sample responses using a freed channel callback after a device channel close, leading to a use after free in ecam_channel_write. This vulnerability is fixed in 3.22.0.
Title FreeRDP has a Heap-use-after-free in cam_v4l_stream_capture_thread
Weaknesses CWE-416
References
Metrics cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Freerdp Freerdp
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-02-10T16:02:14.343Z

Reserved: 2026-01-23T20:40:23.388Z

Link: CVE-2026-24678

cve-icon Vulnrichment

Updated: 2026-02-10T15:40:07.765Z

cve-icon NVD

Status : Analyzed

Published: 2026-02-09T19:15:49.190

Modified: 2026-02-10T15:08:47.010

Link: CVE-2026-24678

cve-icon Redhat

Severity : Important

Publid Date: 2026-02-09T18:17:27Z

Links: CVE-2026-24678 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T20:15:09Z

Weaknesses