Description
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, The URBDRC client uses server-supplied interface numbers as array indices without bounds checks, causing an out-of-bounds read in libusb_udev_select_interface. This vulnerability is fixed in 3.22.0.
Published: 2026-02-09
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Heap buffer overflow causing out‑of‑bounds memory read that may expose sensitive data
Action: Apply Patch
AI Analysis

Impact

FreeRDP’s URBDRC client incorrectly uses server‑supplied interface numbers as array indices without bounds checks, leading to an out‑of‑bounds read in libusb_udev_select_interface. This heap buffer overflow can leak memory contents. The flaw is categorized as CWE‑122 and CWE‑1285.

Affected Systems

The vulnerability affects all FreeRDP releases prior to version 3.22.0. Devices and systems employing FreeRDP for Remote Desktop Protocol sessions using the URBDRC component are at risk.

Risk and Exploitability

The CVSS v3.1 score of 8.7 places the issue in the high severity range. An EPSS score below 1 % indicates a low likelihood of widespread exploitation at present, and the flaw is not listed in CISA’s KEV catalog. Based on the description, it is inferred that exploitation would require an attacker to supply crafted USB interface numbers during an RDP session, implying a remote attack vector. The overflow can potentially allow an attacker to read memory content from the client side. Prompt mitigation is advised.

Generated by OpenCVE AI on April 18, 2026 at 18:15 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade FreeRDP to version 3.22.0 or later, which contains the necessary bounds checks in urb_select_interface.
  • Disable or limit USB device forwarding in the RDP session configuration where URBDRC is used, if not required for business operations.
  • Monitor RDP session logs for abnormal USB interface numbers or errors and adjust firewall rules to restrict unauthorized access to USB pass‑through.

Generated by OpenCVE AI on April 18, 2026 at 18:15 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Ubuntu USN Ubuntu USN USN-8042-1 FreeRDP vulnerabilities
History

Tue, 10 Feb 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 10 Feb 2026 15:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L'}

 cvssV3_1

{'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H'}

Tue, 10 Feb 2026 12:45:00 +0000

Type Values Removed Values Added
First Time appeared Freerdp
Freerdp freerdp
Vendors & Products Freerdp
Freerdp freerdp

Tue, 10 Feb 2026 12:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-1285
References
Metrics threat_severity

None

 cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L'}

threat_severity

Moderate

Mon, 09 Feb 2026 18:45:00 +0000

Type Values Removed Values Added
Description FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, The URBDRC client uses server-supplied interface numbers as array indices without bounds checks, causing an out-of-bounds read in libusb_udev_select_interface. This vulnerability is fixed in 3.22.0.
Title FreeRDP has a heap-buffer-overflow in urb_select_interface
Weaknesses CWE-122
References
Metrics cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Freerdp Freerdp
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-02-10T16:02:09.897Z

Reserved: 2026-01-23T20:40:23.388Z

Link: CVE-2026-24679

cve-icon Vulnrichment

Updated: 2026-02-10T15:40:06.091Z

cve-icon NVD

Status : Analyzed

Published: 2026-02-09T19:15:49.327

Modified: 2026-02-10T15:08:26.867

Link: CVE-2026-24679

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-02-09T18:19:00Z

Links: CVE-2026-24679 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T18:30:07Z

Weaknesses