Description
xrdp is an open source RDP server. In versions through 0.10.5, the session execution component did not properly handle an error during the privilege drop process. This improper privilege management could allow an authenticated local attacker to escalate privileges to root and execute arbitrary code on the system. An additional exploit would be needed to facilitate this. This issue has been fixed in version 0.10.6.
Published: 2026-04-17
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Local Privilege Escalation
Action: Immediate Patch
AI Analysis

Impact

The vulnerability stems from improper error handling in the privilege drop logic of xrdp's session execution component. When an authentication error occurs, the component fails to execute the required setuid operation yet continues anyway, leaving child processes running with root privileges. An attacker with local authenticated access can exploit this fail-open behavior to gain root and run arbitrary commands, potentially compromising the entire system. The weakness is categorized as CWE-273 (Failure to Drop Privileges).
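
The fail-closed pattern whose absence the paragraph above describes, as an added illustration in C (not xrdp's own code; the sesexec implementation is not reproduced on this page): each step of the privilege drop is checked, the result is verified, and a child whose drop failed exits instead of running the session as root. It assumes /bin/sh is present and that the caller passes the target uid/gid.

```c
#define _GNU_SOURCE           /* for setgroups() on glibc */
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Drop to uid/gid and verify the drop. Returns 0 only when every step
 * succeeded and root cannot be regained; otherwise -1. The caller must treat
 * -1 as fatal and never carry on as root (fail closed, not fail open). */
static int drop_privileges(uid_t uid, gid_t gid)
{
    /* Supplementary groups can only be cleared with CAP_SETGID, i.e. as root. */
    if (geteuid() == 0 && setgroups(0, NULL) != 0)
        return -1;
    if (setgid(gid) != 0)      /* gid first: once uid is dropped this fails */
        return -1;
    if (setuid(uid) != 0)
        return -1;
    /* Confirm the kernel applied the change to the real and effective ids. */
    if (getuid() != uid || geteuid() != uid || getgid() != gid || getegid() != gid)
        return -1;
    /* A process dropped to an unprivileged uid must not be able to climb back. */
    if (uid != 0 && setuid(0) == 0)
        return -1;
    return 0;
}

/* Fork, drop privileges in the child, then run `command` through /bin/sh.
 * If the drop fails the child exits 127 without running anything as root.
 * Returns the child's exit status, or -1 on fork/wait failure. */
static int spawn_as(uid_t uid, gid_t gid, const char *command)
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (drop_privileges(uid, gid) != 0) {
            perror("drop_privileges");
            _exit(127);        /* fail closed: the session is never started */
        }
        execl("/bin/sh", "sh", "-c", command, (char *)NULL);
        _exit(126);            /* exec itself failed */
    }
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}
```

Run as an unprivileged user, a request to "drop" to uid 0 cannot succeed, so the child reports 127 and nothing is executed; the same check is what a fail-open implementation skips.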

Affected Systems

neutrinolabs xrdp below version 0.10.6 is affected. All releases up to 0.10.5 contain the flaw; the vulnerability is mitigated in version 0.10.6 and later.

Risk and Exploitability

The vulnerability carries a high CVSS score of 8.8, reflecting its severe impact and the low attack complexity recorded in its vector (AC:L). The EPSS score of < 1% indicates a very low but non-zero probability of exploitation, and the flaw is not listed in the CISA KEV catalog. It is intrinsically a local, authenticated vulnerability: an attacker must already be able to log into the target system. As the CVE description notes, an additional exploit is required to achieve privilege escalation; the privilege drop failure alone does not automatically grant root, so the flaw can only be leveraged in combination with another exploitation technique. That dependency does not lessen the need for prompt remediation.

Generated by OpenCVE AI on April 18, 2026 at 20:35 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade xrdp to version 0.10.6 or later, where the privilege drop bug is corrected.
  • Remove the setuid bit from the sesexec binary (chmod u-s /usr/sbin/xrdp-sesexec) and configure the service to run as a non-privileged user; this prevents escalation if the privilege drop fails.
  • Apply or enable a mandatory access control policy such as SELinux or AppArmor to restrict sesexec from accessing privileged resources, providing an additional barrier against privilege escalation.

Advisories

No advisories yet.

History

Sat, 18 Apr 2026 00:15:00 +0000

  Type         Values Removed             Values Added
  References
  Metrics      threat_severity: None      threat_severity: Important

Fri, 17 Apr 2026 20:45:00 +0000

  Type                  Values Removed   Values Added
  First Time appeared                    Neutrinolabs; Neutrinolabs xrdp
  Vendors & Products                     Neutrinolabs; Neutrinolabs xrdp

Fri, 17 Apr 2026 19:45:00 +0000

  Type          Values Removed   Values Added
  Description                    xrdp is an open source RDP server. In versions through 0.10.5, the session execution component did not properly handle an error during the privilege drop process. This improper privilege management could allow an authenticated local attacker to escalate privileges to root and execute arbitrary code on the system. An additional exploit would be needed to facilitate this. This issue has been fixed in version 0.10.6.
  Title                          xrdp: Fail-open privilege drop in sesexec — child processes may execute as root if setuid fails
  Weaknesses                     CWE-273
  References
  Metrics                        cvssV3_1 {'score': 8.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H'}


Subscriptions

Neutrinolabs Xrdp
MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-04-17T19:25:20.274Z

Reserved: 2026-03-10T22:02:38.854Z

Link: CVE-2026-32107

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-04-17T20:16:33.677

Modified: 2026-04-17T20:16:33.677

Link: CVE-2026-32107

Redhat

Severity : Important

Public Date: 2026-04-17T19:25:20Z

Links: CVE-2026-32107 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-18T20:45:05Z

Weaknesses