Description
xrdp is an open source RDP server. In versions through 0.10.5, xrdp does not implement verification for the Message Authentication Code (MAC) signature of encrypted RDP packets when using the "Classic RDP Security" layer. While the sender correctly generates signatures, the receiving logic lacks the necessary implementation to validate the 8-byte integrity signature, causing it to be silently ignored. An unauthenticated attacker with man-in-the-middle (MITM) capabilities can exploit this missing check to modify encrypted traffic in transit without detection. It does not affect connections where the TLS security layer is enforced. This issue has been fixed in version 0.10.6. If users are unable to immediately upgrade, they should configure xrdp.ini to enforce TLS security (security_layer=tls) to ensure end-to-end integrity.
Published: 2026-04-17
Score: 9.3 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Integrity bypass allowing traffic tampering in non-TLS RDP sessions
Action: Apply Patch
AI Analysis

Impact

The vulnerability arises because xrdp fails to verify the Message Authentication Code (MAC) signature that is inserted into encrypted RDP packets when the "Classic RDP Security" layer is used. The sender correctly generates an 8‑byte integrity signature, but the receiver never checks it, causing any modifications to the packet contents to be silently accepted. An attacker who can observe the connection—such as through a man‑in‑the‑middle position—could therefore alter traffic without detection, potentially affecting session data, user credentials, or other sensitive information. This flaw does not affect connections that use the TLS security layer, where integrity is already protected.

Affected Systems

The flaw impacts the neutrinolabs xrdp product for all releases up to and including version 0.10.5. The offending code was addressed in version 0.10.6, making that and later releases immune to the issue.

Risk and Exploitability

With a CVSS score of 9.3, the vulnerability is rated critical. The EPSS score is not available, but the lack of a publicly listed KEV entry does not diminish the risk. An exploit requires the attacker to be able to intercept RDP traffic while the server is using Classic RDP Security, a common scenario on networks that permit RDP or in environments that have not mandated TLS. If these conditions exist, exploitation is straightforward and can occur without authentication. The potential impact is high because traffic can be modified undetected.

Generated by OpenCVE AI on April 18, 2026 at 17:09 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade neutrinolabs xrdp to version 0.10.6 or later.
  • Configure the server to use TLS by setting security_layer=tls in xrdp.ini when an upgrade cannot be performed immediately.
  • Ensure all RDP clients connect using TLS or disable the Classic RDP Security layer on the server.
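
A configuration check for the TLS workaround above, as an added example that is not part of the advisory or of xrdp's own code: it reads the text of an xrdp.ini file and reports whether security_layer=tls is enforced in the [Globals] section. The function names and sample files are constructed for illustration; treating a missing or repeated non-tls setting as "not enforced" is a conservative assumption, not documented xrdp behaviour.

```python
import re

SECTION = re.compile(r"\[([^\]]+)\]")

def security_layer_values(ini_text):
    """Collect every security_layer value set in the [Globals] section."""
    section, values = None, []
    for raw in ini_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        header = SECTION.fullmatch(line)
        if header:
            section = header.group(1).strip().lower()
            continue
        key, sep, val = line.partition("=")
        if sep and section == "globals" and key.strip().lower() == "security_layer":
            values.append(val.strip().lower())
    return values

def audit(ini_text):
    """Return (verdict, reason); TLS counts as enforced only if every
    security_layer line says tls (conservative assumption)."""
    values = security_layer_values(ini_text)
    if not values:
        return "NOT_ENFORCED", "security_layer is not set in [Globals]"
    other = sorted(set(values) - {"tls"})
    if other:
        return "NOT_ENFORCED", "security_layer allows: " + ", ".join(other)
    return "TLS_ENFORCED", "security_layer=tls"

# Constructed sample files (not taken from a real host).
SAMPLE_NEGOTIATE = """[Globals]
; security layer can be 'tls', 'rdp' or 'negotiate'
security_layer=negotiate
crypt_level=high
"""
SAMPLE_TLS = """[Globals]
security_layer = tls
[Xorg]
security_layer=rdp
"""
SAMPLE_UNSET = "[Globals]\n#security_layer=tls\nport=3389\n"

if __name__ == "__main__":
    for name, text in [("negotiate", SAMPLE_NEGOTIATE), ("tls", SAMPLE_TLS),
                       ("unset", SAMPLE_UNSET)]:
        print(name, *audit(text))
```

A NOT_ENFORCED result matters on hosts running xrdp through 0.10.5, where Classic RDP Security can still be selected and the 8-byte signature is not checked on receive.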


Advisories

No advisories yet.

History

Sat, 18 Apr 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-347
References
Metrics threat_severity

None

cvssV3_1

{'score': 5.9, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N'}

threat_severity

Moderate


Fri, 17 Apr 2026 20:45:00 +0000

Type Values Removed Values Added
First Time appeared Neutrinolabs
Neutrinolabs xrdp
Vendors & Products Neutrinolabs
Neutrinolabs xrdp

Fri, 17 Apr 2026 19:45:00 +0000

Type Values Removed Values Added
Title xrdp: RDP MAC signature (dataSignature) never verified on receive — integrity bypass in non-TLS mode
Weaknesses CWE-354
References
Metrics cvssV4_0

{'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:L/SC:H/SI:H/SA:L'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-04-17T19:27:39.809Z

Reserved: 2026-03-10T22:02:38.854Z

Link: CVE-2026-32105

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-04-17T20:16:33.517

Modified: 2026-04-17T20:16:33.517

Link: CVE-2026-32105

Redhat

Severity: Moderate

Public Date: 2026-04-17T19:27:39Z

Links: CVE-2026-32105 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-18T17:15:05Z

Weaknesses