Description
FreeRDP is a free implementation of the Remote Desktop Protocol. ainput_send_input_event caches channel_callback in a local variable and later uses it without synchronization; a concurrent channel close can free or reinitialize the callback, leading to a use after free. Versions prior to 3.22.0 are affected; this vulnerability is fixed in 3.22.0.
Published: 2026-02-09
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Arbitrary code execution via memory corruption
Action: Patch Immediately
AI Analysis

Impact

FreeRDP suffers from a use-after-free bug in the function ainput_send_input_event. The function caches channel_callback in a local variable without synchronization; a concurrent channel close can free or reinitialize the callback, so the cached pointer is later dereferenced after it has been freed, causing memory corruption. An attacker who can trigger input events over a remote desktop session could exploit this flaw to crash the client or potentially execute arbitrary code, impacting confidentiality, integrity, or availability.

Affected Systems

This vulnerability affects the FreeRDP project across all platforms supported by the open-source implementation. Versions older than 3.22.0 are susceptible; the fix is incorporated in 3.22.0 and later releases.

Risk and Exploitability

The CVSS score of 8.7 indicates high severity, while the EPSS score of less than 1% reflects a low current exploitation probability. The flaw is not listed in the CISA Known Exploited Vulnerabilities catalog. An attacker could exploit the vulnerability remotely by establishing an RDP session and invoking input events that trigger the freed callback. Because the exploit requires a live session and coordination of channel state, the attack vector is inferred to be remote RDP.

Generated by OpenCVE AI on April 17, 2026 at 21:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade FreeRDP to version 3.22.0 or later to apply the use-after-free fix.
  • If an immediate upgrade is not possible, disable or restrict the channel that can trigger ainput_send_input_event until the patch is applied.
  • Apply network-level access controls and monitor RDP traffic for anomalous input events to reduce the exploitation window.

Generated by OpenCVE AI on April 17, 2026 at 21:21 UTC.


Advisories
Source      ID          Title
Ubuntu USN  USN-8042-1  FreeRDP vulnerabilities
History

Tue, 10 Feb 2026 16:15:00 +0000

Type: Metrics
  Values Added: ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 10 Feb 2026 15:15:00 +0000

Type: CPEs
  Values Added: cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:*
Type: Metrics
  Values Removed: cvssV3_1 {'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L'}
  Values Added: cvssV3_1 {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}


Tue, 10 Feb 2026 12:45:00 +0000

Type: First Time appeared
  Values Added: Freerdp; Freerdp freerdp
Type: Vendors & Products
  Values Added: Freerdp; Freerdp freerdp

Tue, 10 Feb 2026 12:15:00 +0000

Type: Weaknesses
  Values Added: CWE-825
Type: References
Type: Metrics
  Values Removed: threat_severity None
  Values Added: cvssV3_1 {'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L'}; threat_severity Moderate


Mon, 09 Feb 2026 18:45:00 +0000

Type: Description
  Values Added: FreeRDP is a free implementation of the Remote Desktop Protocol. ainput_send_input_event caches channel_callback in a local variable and later uses it without synchronization; a concurrent channel close can free or reinitialize the callback, leading to a use after free. Prior to 3.22.0, This vulnerability is fixed in 3.22.0.
Type: Title
  Values Added: FreeRDP has a heap-use-after-free in ainput_send_input_event
Type: Weaknesses
  Values Added: CWE-416
Type: References
Type: Metrics
  Values Added: cvssV4_0 {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-02-10T16:01:48.816Z

Reserved: 2026-01-23T20:40:23.389Z

Link: CVE-2026-24683

Vulnrichment

Updated: 2026-02-10T15:39:58.856Z

NVD

Status: Analyzed

Published: 2026-02-09T19:15:49.910

Modified: 2026-02-10T15:03:23.457

Link: CVE-2026-24683

Redhat

Severity: Moderate

Public Date: 2026-02-09T18:22:17Z

Links: CVE-2026-24683 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-17T21:30:28Z

Weaknesses