Description
xrdp is an open source RDP server. Versions through 0.10.5 contain an out-of-bounds read vulnerability during the RDP capability exchange phase. The issue occurs when memory is accessed before validating the remaining buffer length. A remote, unauthenticated attacker can trigger this vulnerability by sending a specially crafted Confirm Active PDU. Successful exploitation could lead to a denial of service (process crash) or potential disclosure of sensitive information from the process memory. This issue has been fixed in version 0.10.6.
Published: 2026-04-17
Score: 7.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Immediate Patch
AI Analysis

Impact

An out-of-bounds read occurs during the RDP capability exchange before authentication. A remote, unauthenticated attacker can send a crafted Confirm Active PDU that causes xrdp to read memory past a buffer boundary. Successful exploitation may crash the RDP server, causing a denial of service, or expose contents of the server process's memory.
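As an added illustration (not xrdp's own code, and not the fix shipped in 0.10.6), the following C function walks the capability sets carried by a Confirm Active PDU, using the field layout from MS-RDPBCGR, and compares every field against the bytes still remaining before reading it, which is the check the advisory describes as missing. The sample PDUs are constructed for the test, not captured traffic.

```c
#include <stddef.h>
#include <stdint.h>

/* Little-endian 16-bit read; the caller guarantees two bytes remain. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/*
 * Walk the tail of a Confirm Active PDU (MS-RDPBCGR TS_CONFIRM_ACTIVE_PDU):
 *   numberCapabilities(2) pad2Octets(2) capabilitySets[]
 * where each set is capabilitySetType(2) lengthCapability(2) data[lengthCapability-4].
 * Every field is compared against the bytes still remaining BEFORE it is read,
 * which is the check the advisory describes as missing.
 * Returns the number of bytes consumed, or -1 if the buffer is truncated or a
 * length field is inconsistent with it.
 */
long parse_confirm_active_caps(const uint8_t *buf, size_t len)
{
    if (len < 4) return -1;                 /* numberCapabilities + pad missing */
    uint16_t ncaps = rd16(buf);
    size_t off = 4;
    for (uint16_t i = 0; i < ncaps; i++) {
        if (len - off < 4) return -1;       /* set header would overrun */
        uint16_t cap_len = rd16(buf + off + 2);
        if (cap_len < 4) return -1;         /* claims to be shorter than its own header */
        if (cap_len > len - off) return -1; /* set body would overrun */
        off += cap_len;                     /* type-specific data is skipped here */
    }
    return (long)off;
}

/* Constructed sample inputs for exercising the parser (not captured traffic). */
/* Well-formed: two sets, type 1 of 8 bytes and type 2 of 6 bytes. */
static const uint8_t GOOD_PDU[] = {
    0x02,0x00, 0x00,0x00,
    0x01,0x00, 0x08,0x00, 0xAA,0xBB,0xCC,0xDD,
    0x02,0x00, 0x06,0x00, 0xEE,0xFF
};
/* Malformed: the second set claims 0x20 bytes while only 6 remain, so an
 * unchecked parser would read past the end of the buffer. */
static const uint8_t TRUNCATED_PDU[] = {
    0x02,0x00, 0x00,0x00,
    0x01,0x00, 0x08,0x00, 0xAA,0xBB,0xCC,0xDD,
    0x02,0x00, 0x20,0x00, 0xEE,0xFF
};
/* Malformed: lengthCapability of 2 is smaller than the 4-byte set header. */
static const uint8_t UNDERSIZED_PDU[] = { 0x01,0x00, 0x00,0x00, 0x01,0x00, 0x02,0x00 };
```

The same remaining-length discipline applies to every length-prefixed field in the PDU, including the source descriptor that precedes the capability count.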

Affected Systems

All neutrinolabs xrdp releases before version 0.10.6 are affected, that is, 0.10.5 and earlier.

Risk and Exploitability

The vulnerability has a CVSS score of 7.7, indicating a high severity. EPSS data is not available, so the specific exploitation probability is unknown. The issue is not listed in the CISA KEV catalog. Based on the description, the likely attack vector is a remote client connecting to the RDP service and sending a malformed Confirm Active PDU; the attacker does not need authentication.

Generated by OpenCVE AI on April 18, 2026 at 09:02 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade neutrinolabs xrdp to version 0.10.6 or later
  • If upgrade is not possible, disable the RDP service until a patch is applied
  • Restrict RDP access to trusted IP ranges and monitor for suspicious Confirm Active PDU traffic

Advisories

No advisories yet.

History

Mon, 27 Apr 2026 14:30:00 +0000

Type | Values Removed | Values Added
CPEs | | cpe:2.3:a:neutrinolabs:xrdp:*:*:*:*:*:*:*:*
Metrics | | cvssV3_1: {'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H'}


Mon, 20 Apr 2026 16:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 17 Apr 2026 22:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Neutrinolabs; Neutrinolabs xrdp
Vendors & Products | | Neutrinolabs; Neutrinolabs xrdp

Fri, 17 Apr 2026 20:15:00 +0000

Type | Values Removed | Values Added
Description | | xrdp is an open source RDP server. Versions through 0.10.5 contain an out-of-bounds read vulnerability during the RDP capability exchange phase. The issue occurs when memory is accessed before validating the remaining buffer length. A remote, unauthenticated attacker can trigger this vulnerability by sending a specially crafted Confirm Active PDU. Successful exploitation could lead to a denial of service (process crash) or potential disclosure of sensitive information from the process memory. This issue has been fixed in version 0.10.6.
Title | | xrdp: Pre-authentication out-of-bounds reads in RDP capability and channel parsers
Weaknesses | | CWE-125
References | |
Metrics | | cvssV4_0: {'score': 7.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-04-20T15:43:53.801Z

Reserved: 2026-03-20T16:59:08.891Z

Link: CVE-2026-33516

Vulnrichment

Updated: 2026-04-20T15:42:41.267Z

NVD

Status: Analyzed

Published: 2026-04-17T20:16:34.723

Modified: 2026-04-27T14:15:25.410

Link: CVE-2026-33516

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T09:15:15Z

Weaknesses