Description
xrdp is an open source RDP server. Versions through 0.10.5 contain a heap-based buffer overflow vulnerability in its logon processing. In environments where domain_user_separator is configured in xrdp.ini, an unauthenticated remote attacker can send a crafted, excessively long username and domain name to overflow the internal buffer. This can corrupt adjacent memory regions, potentially leading to a Denial of Service (DoS) or unexpected behavior. The domain_name_separator directive is commented out by default, so systems are not affected by this vulnerability unless it is intentionally configured. This issue has been fixed in version 0.10.6.
Published: 2026-04-17
Score: 6.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service via heap buffer overflow
Action: Patch
AI Analysis

Impact

xrdp is an open source Remote Desktop Protocol server that contains a heap-based buffer overflow in its logon processing. The vulnerability is triggered when the domain_user_separator setting is enabled in xrdp.ini and an unauthenticated remote attacker sends a username or domain name that is excessively long. The overflow corrupts adjacent memory regions, which can cause the application to crash or exhibit other unexpected behavior. The exploit does not provide code execution but can abruptly terminate the service, leading to a denial of service.

Affected Systems

The affected product is xrdp from the Neutrinolabs project. Versions up through 0.10.5 are vulnerable; the issue was fixed in 0.10.6 and later releases. Only systems that have explicitly enabled the domain_user_separator configuration are at risk.

Risk and Exploitability

The CVSS score of 6.3 reflects a moderate severity, and no EPSS score is available. The vulnerability is not listed in CISA's KEV catalog. The attack vector is remote and unauthenticated: an attacker simply needs the ability to connect to the xrdp service and send a crafted logon request when domain_user_separator is configured. Even though the exploit is limited to causing service disruption, it is potentially exploitable by attackers who target high-availability environments or services that rely on uninterrupted RDP access.

Generated by OpenCVE AI on April 18, 2026 at 09:02 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to xrdp version 0.10.6 or later
  • Disable or remove the domain_user_separator setting in xrdp.ini
  • Restart or reload the xrdp service to ensure the configuration change takes effect

Generated by OpenCVE AI on April 18, 2026 at 09:02 UTC.
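
The exposure conditions stated above (a version before 0.10.6 together with an active domain_user_separator line in xrdp.ini) can be checked with a short script. This is an added example, not code from OpenCVE or the xrdp project; the function names are hypothetical, the installed version is supplied by the caller, and it assumes comment lines in xrdp.ini start with '#' or ';'.

```shell
#!/bin/sh
# Added example: exposure check for the xrdp logon overflow described above.
# Assumption: comment lines in xrdp.ini begin with '#' or ';'.

# Return 0 if xrdp.ini ($1) has an active (uncommented) domain_user_separator.
# An empty value is still reported so that it gets reviewed by hand.
separator_enabled() {
    grep -Eq '^[[:space:]]*domain_user_separator[[:space:]]*=' "$1"
}

# Return 0 if dotted version $1 is older than $2 (for example 0.10.5 < 0.10.6).
version_lt() {
    [ "$1" = "$2" ] && return 1
    oldest=$(printf '%s\n%s\n' "$1" "$2" \
        | sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)
    [ "$oldest" = "$1" ]
}

# Print one of: patched | vulnerable-exposed | vulnerable-not-exposed
#   $1 = path to xrdp.ini, $2 = installed xrdp version
xrdp_exposure() {
    ini=$1
    ver=$2
    if ! version_lt "$ver" "0.10.6"; then
        echo patched
    elif separator_enabled "$ini"; then
        echo vulnerable-exposed
    else
        echo vulnerable-not-exposed
    fi
}

# Stand-alone use (path shown is the usual install location, an assumption):
#   sh check_xrdp.sh /etc/xrdp/xrdp.ini 0.10.5
if [ "$#" -ge 2 ]; then
    xrdp_exposure "$1" "$2"
fi
```

The comparison uses the upstream version number only, so a distribution package that backports the fix under an older version string still needs to be checked against the distributor's own advisory.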

Advisories

No advisories yet.

History

Fri, 17 Apr 2026 21:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Neutrinolabs; Neutrinolabs xrdp
Vendors & Products | | Neutrinolabs; Neutrinolabs xrdp

Fri, 17 Apr 2026 20:15:00 +0000

Type | Values Removed | Values Added
Description | | xrdp is an open source RDP server. Versions through 0.10.5 contain a heap-based buffer overflow vulnerability in its logon processing. In environments where domain_user_separator is configured in xrdp.ini, an unauthenticated remote attacker can send a crafted, excessively long username and domain name to overflow the internal buffer. This can corrupt adjacent memory regions, potentially leading to a Denial of Service (DoS) or unexpected behavior. The domain_name_separator directive is commented out by default, so systems are not affected by this vulnerability unless it is intentionally configured. This issue has been fixed in version 0.10.6.
Title | | xrdp: Heap buffer overflow in xrdp_sec_process_logon_info() via incorrect g_strncat length calculation
Weaknesses | | CWE-122
References | |
Metrics | | cvssV4_0: {'score': 6.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-04-17T19:58:08.687Z

Reserved: 2026-03-12T15:29:36.558Z

Link: CVE-2026-32624

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-04-17T20:16:34.087

Modified: 2026-04-17T20:16:34.087

Link: CVE-2026-32624

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T09:15:15Z

Weaknesses