Description
xrdp is an open source RDP server. Versions through 0.10.5 contain a heap-based buffer overflow vulnerability in the NeutrinoRDP module. When proxying RDP sessions from xrdp to another server, the module fails to properly validate the size of reassembled fragmented virtual channel data against its allocated memory buffer. A malicious downstream RDP server (or an attacker capable of performing a Man-in-the-Middle attack) could exploit this flaw to cause memory corruption, potentially leading to a Denial of Service (DoS) or Remote Code Execution (RCE). The NeutrinoRDP module is not built by default. This vulnerability only affects environments where the module has been explicitly compiled and enabled. Users can verify if the module is built by checking for --enable-neutrinordp in the output of the xrdp -v command. This issue has been fixed in version 0.10.6.
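As an added illustration of the defect class the description names (not xrdp's or NeutrinoRDP's code, and not the actual 0.10.6 patch), the hypothetical C reassembler below shows the check that the description says was missing: every fragment's length is compared against the space remaining in the heap buffer before the fragment is copied in. The structure layout, function names, return codes and fragment sequences are all constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical reassembly state for a fragmented virtual channel message.
 * Added illustration of the CWE-122 pattern; not xrdp's or NeutrinoRDP's code. */
struct reassembly {
    uint8_t *data;   /* heap buffer sized from the announced total length */
    size_t capacity; /* bytes allocated */
    size_t used;     /* bytes copied in so far */
};

enum {
    REASM_OK = 0,            /* fragment accepted / message complete */
    REASM_INCOMPLETE = 1,    /* fragments exhausted, message still short */
    REASM_ERR_ARG = -1,      /* bad pointer or zero-length message */
    REASM_ERR_OVERFLOW = -2, /* fragment would exceed the allocated buffer */
    REASM_ERR_NOMEM = -3
};

int reasm_init(struct reassembly *r, size_t total_len)
{
    if (r == NULL || total_len == 0)
        return REASM_ERR_ARG;
    r->data = malloc(total_len);
    if (r->data == NULL)
        return REASM_ERR_NOMEM;
    r->capacity = total_len;
    r->used = 0;
    return REASM_OK;
}

/* Append one fragment. The length is compared with the remaining capacity
 * (a subtraction that cannot wrap), so an oversized fragment is refused
 * before memcpy touches the heap. Omitting this comparison is the defect
 * class the advisory describes. */
int reasm_append(struct reassembly *r, const uint8_t *frag, size_t frag_len)
{
    if (r == NULL || r->data == NULL || (frag == NULL && frag_len != 0))
        return REASM_ERR_ARG;
    if (frag_len > r->capacity - r->used)
        return REASM_ERR_OVERFLOW;
    memcpy(r->data + r->used, frag, frag_len);
    r->used += frag_len;
    return REASM_OK;
}

/* Feed a constructed fragment sequence (lengths only; payload is filler)
 * into a buffer sized for `announced` bytes and report the outcome. */
int run_sequence(size_t announced, const size_t *frag_lens, size_t nfrags)
{
    struct reassembly r;
    int rc = reasm_init(&r, announced);
    if (rc != REASM_OK)
        return rc;
    for (size_t i = 0; i < nfrags && rc == REASM_OK; i++) {
        uint8_t *frag = malloc(frag_lens[i] ? frag_lens[i] : 1);
        if (frag == NULL) {
            rc = REASM_ERR_NOMEM;
            break;
        }
        memset(frag, 0x41, frag_lens[i]);
        rc = reasm_append(&r, frag, frag_lens[i]);
        free(frag);
    }
    if (rc == REASM_OK && r.used != r.capacity)
        rc = REASM_INCOMPLETE;
    free(r.data);
    return rc;
}

/* Well-formed message: three fragments exactly fill the announced size. */
int demo_fits(void)
{
    const size_t lens[] = { 40, 40, 20 };
    return run_sequence(100, lens, 3);
}

/* Peer announced 100 bytes but sends 120: the second fragment is refused. */
int demo_too_long(void)
{
    const size_t lens[] = { 60, 60 };
    return run_sequence(100, lens, 2);
}

/* A length near SIZE_MAX would wrap a naive `used + len > capacity` test;
 * the subtraction form still rejects it and nothing is copied. */
int demo_wraparound(void)
{
    struct reassembly r;
    uint8_t byte = 0;
    if (reasm_init(&r, 16) != REASM_OK)
        return REASM_ERR_NOMEM;
    int rc = reasm_append(&r, &byte, SIZE_MAX);
    free(r.data);
    return rc;
}
```

The comparison is written as `frag_len > capacity - used` rather than `used + frag_len > capacity` so that a peer-supplied length cannot wrap the addition and slip past the check; the remaining-capacity form is safe because `used` never exceeds `capacity`. The same discipline applies to the announced total: a proxy should also cap it at a protocol-defined maximum before allocating.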
Published: 2026-04-17
Score: 7.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

xrdp contains a heap-based buffer overflow in the NeutrinoRDP module, which fails to validate the size of reassembled fragmented virtual channel data against its allocated buffer. The flaw allows an attacker to corrupt memory, potentially causing a denial of service or enabling remote code execution. Based on the description, the attack vector is a malicious downstream RDP server to which xrdp proxies a session, or an attacker positioned for a Man-in-the-Middle attack between the two; this follows from the requirement that the module be explicitly compiled and enabled and that sessions be routed through a downstream server the attacker controls.

Affected Systems

The vulnerability affects NeutrinoLabs xrdp versions 0.10.5 and earlier when the NeutrinoRDP module is explicitly compiled and enabled with the --enable-neutrinordp configuration switch. Versions 0.10.6 and newer include a fix, and the module is not compiled by default.

Risk and Exploitability

The likely attack vector is an upstream RDP client that proxies a session via the vulnerable module to a downstream RDP server controlled by an adversary, or a man-in-the-middle between xrdp and the downstream server. The CVSS score of 7.7 reflects high severity, while the EPSS score of < 1% indicates a very low probability of exploitation, and the vulnerability is not listed in the CISA KEV catalog, suggesting limited publicly confirmed exploitation activity. The threat is therefore constrained to environments that enable RDP session proxying through this module, but once those conditions are met, exploitation can lead to significant compromise.

Generated by OpenCVE AI on April 18, 2026 at 20:12 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade xrdp to version 0.10.6 or newer to receive the patch that corrects the buffer overflow flaw.
  • If an upgrade is not achievable, rebuild or reinstall xrdp without the --enable-neutrinordp flag, effectively disabling the vulnerable module.
  • Restrict RDP session proxying to trusted downstream servers, ensuring only authorized and secure servers are used.



Advisories

No advisories yet.

History

Sat, 18 Apr 2026 03:15:00 +0000

Type: Metrics
Values added: ssvc
{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 17 Apr 2026 21:45:00 +0000

Type: First Time appeared
Values added: Neutrinolabs, Neutrinolabs xrdp
Type: Vendors & Products
Values added: Neutrinolabs, Neutrinolabs xrdp

Fri, 17 Apr 2026 20:15:00 +0000

Type: Description
Values added: xrdp is an open source RDP server. Versions through 0.10.5 contain a heap-based buffer overflow vulnerability in the NeutrinoRDP module. When proxying RDP sessions from xrdp to another server, the module fails to properly validate the size of reassembled fragmented virtual channel data against its allocated memory buffer. A malicious downstream RDP server (or an attacker capable of performing a Man-in-the-Middle attack) could exploit this flaw to cause memory corruption, potentially leading to a Denial of Service (DoS) or Remote Code Execution (RCE). The NeutrinoRDP module is not built by default. This vulnerability only affects environments where the module has been explicitly compiled and enabled. Users can verify if the module is built by checking for --enable-neutrinordp in the output of the xrdp -v command. This issue has been fixed in version 0.10.6.
Type: Title
Values added: xrdp: Heap buffer overflow in NeutrinoRDP channel reassembly
Type: Weaknesses
Values added: CWE-122
Type: References
Type: Metrics
Values added: cvssV4_0
{'score': 7.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-04-18T03:00:44.250Z

Reserved: 2026-03-12T15:29:36.558Z

Link: CVE-2026-32623

Vulnrichment

Updated: 2026-04-18T03:00:40.321Z

NVD

Status : Received

Published: 2026-04-17T20:16:33.953

Modified: 2026-04-17T20:16:33.953

Link: CVE-2026-32623

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T20:15:09Z

Weaknesses