Description
xrdp is an open source RDP server. Versions through 0.10.5 have an out-of-bounds read vulnerability in the pre-authentication RDP message parsing logic. A remote, unauthenticated attacker can trigger this flaw by sending a specially crafted sequence of packets during the initial connection phase. This vulnerability results from insufficient validation of input buffer lengths before processing dynamic channel communication. Successful exploitation can lead to a denial-of-service (DoS) condition via a process crash or potential disclosure of sensitive information from the service's memory space. This issue has been fixed in version 0.10.6.
Published: 2026-04-17
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service and Potential Information Disclosure
Action: Immediate Patch
AI Analysis

Impact

xrdp contains an out-of-bounds read in the pre-authentication RDP message parsing phase. An attacker can send a crafted sequence of packets before authentication completes, causing the process to read beyond the end of the input buffer. The resulting out-of-bounds access can crash the process, producing a denial of service, or in some scenarios let the attacker read sensitive data from service memory. The flaw arises from insufficient validation of buffer lengths in the dynamic channel communication logic.
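The bug class described above, as an added illustration that is not xrdp's code: it uses a hypothetical record format (a little-endian u16 length prefix followed by that many payload bytes) constructed for this example, not xrdp's real wire format. The unchecked parser trusts the declared length, which is the CWE-125 pattern the advisory names; the hardened parser validates every declared length against the bytes actually received before touching any payload. So that the demo itself stays well-defined, the unchecked version reports how far past the buffer it would have read rather than performing the read.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Hypothetical record format, constructed for this example (not xrdp's actual
 * wire format): a packet carries consecutive records, each encoded as
 *   [u16 little-endian payload_len][payload_len bytes of payload]
 */

/* Read a little-endian u16; the caller must have checked that 2 bytes remain. */
static uint16_t rd_u16le(const uint8_t *p)
{
    return (uint16_t)(p[0] | ((uint16_t)p[1] << 8));
}

/*
 * Vulnerable pattern (CWE-125): the declared payload_len is trusted and the
 * cursor advances by it without comparing it to the bytes actually received.
 * So that this demo stays well-defined, the function does not dereference past
 * the buffer; it returns how many bytes beyond the end the original pattern
 * would have read (0 means this input never triggers an over-read).
 */
size_t overread_bytes_unchecked(const uint8_t *buf, size_t len)
{
    size_t off = 0;
    while (off + 2 <= len) {                 /* header bytes are present ... */
        uint16_t plen = rd_u16le(buf + off);
        size_t end = off + 2 + plen;         /* ... but plen is never validated */
        if (end > len)
            return end - len;                /* payload read would run past buf */
        off = end;
    }
    return 0;
}

/*
 * Hardened parser: each length is checked against the remaining bytes before
 * any payload byte is touched. Returns the number of well-formed records, or
 * -1 at the first malformed record (truncated header, or a payload_len larger
 * than what remains in the buffer).
 */
int parse_records_checked(const uint8_t *buf, size_t len)
{
    size_t off = 0;
    int count = 0;
    while (off < len) {
        if (len - off < 2)
            return -1;                       /* truncated header */
        uint16_t plen = rd_u16le(buf + off);
        if (plen > len - off - 2)
            return -1;                       /* declared payload exceeds buffer */
        off += 2 + plen;
        count++;
    }
    return count;
}

/* Constructed sample: two well-formed records, "ab" (len 2) and "xyz" (len 3). */
const uint8_t GOOD_PKT[] = { 0x02, 0x00, 'a', 'b', 0x03, 0x00, 'x', 'y', 'z' };
const size_t GOOD_LEN = sizeof(GOOD_PKT);

/* Constructed sample: a record that declares 0xFFFF payload bytes but carries 2. */
const uint8_t BAD_PKT[] = { 0xFF, 0xFF, 'a', 'b' };
const size_t BAD_LEN = sizeof(BAD_PKT);

int main(void)
{
    printf("unchecked, good packet: %zu bytes over-read\n",
           overread_bytes_unchecked(GOOD_PKT, GOOD_LEN));
    printf("unchecked, bad packet:  %zu bytes over-read\n",
           overread_bytes_unchecked(BAD_PKT, BAD_LEN));
    printf("checked, good packet:   %d records\n",
           parse_records_checked(GOOD_PKT, GOOD_LEN));
    printf("checked, bad packet:    %d (rejected)\n",
           parse_records_checked(BAD_PKT, BAD_LEN));
    return 0;
}
```

The hardened parser compares each declared length against `len - off - 2`, the bytes genuinely remaining after the header, which is the kind of check the advisory describes as missing. Crash monitoring alone does not cover this bug class: an over-read that lands in mapped memory does not crash, and that is exactly the information-disclosure case the description mentions.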

Affected Systems

The affected product is the open-source xrdp server from Neutrinolabs. Vulnerable versions are 0.10.5 and older. The issue was fixed in version 0.10.6.

Risk and Exploitability

The CVSS score of 8.7 indicates a high-severity vulnerability. EPSS data are not available, and the flaw is not listed in the CISA KEV catalog. An attacker need only be able to establish an initial RDP connection to the target system; the flaw is triggered during the pre-authentication message exchange, so it can be exploited remotely without authentication. Given the high score and the nature of the attack vector, organizations should treat this as an urgent risk.

Generated by OpenCVE AI on April 18, 2026 at 09:01 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade xrdp to version 0.10.6 or newer.
  • Restrict inbound RDP traffic to trusted networks or specific IPs using firewall rules.
  • Monitor xrdp logs for abnormal crashes or memory access errors to detect any lingering exploitation attempts.



Advisories

No advisories yet.

History

Mon, 27 Apr 2026 14:15:00 +0000

Type       Values Removed    Values Added
CPEs                         cpe:2.3:a:neutrinolabs:xrdp:*:*:*:*:*:*:*:*
Metrics                      cvssV3_1 {'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H'}


Mon, 20 Apr 2026 17:15:00 +0000

Type       Values Removed    Values Added
Metrics                      ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 17 Apr 2026 22:15:00 +0000

Type                 Values Removed    Values Added
First Time appeared                    Neutrinolabs
                                       Neutrinolabs xrdp
Vendors & Products                     Neutrinolabs
                                       Neutrinolabs xrdp

Fri, 17 Apr 2026 20:30:00 +0000

Type          Values Removed    Values Added
Description                     xrdp is an open source RDP server. Versions through 0.10.5 have an out-of-bounds read vulnerability in the pre-authentication RDP message parsing logic. A remote, unauthenticated attacker can trigger this flaw by sending a specially crafted sequence of packets during the initial connection phase. This vulnerability results from insufficient validation of input buffer lengths before processing dynamic channel communication. Successful exploitation can lead to a denial-of-service (DoS) condition via a process crash or potential disclosure of sensitive information from the service's memory space. This issue has been fixed in version 0.10.6.
Title                           xrdp: Pre-authentication out-of-bounds reads in channel parsers
Weaknesses                      CWE-125
References
Metrics                         cvssV4_0 {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-04-20T16:21:39.933Z

Reserved: 2026-03-23T16:34:59.932Z

Link: CVE-2026-33689

Vulnrichment

Updated: 2026-04-20T16:21:35.785Z

NVD

Status : Analyzed

Published: 2026-04-17T21:16:32.963

Modified: 2026-04-27T14:14:26.617

Link: CVE-2026-33689

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T09:15:15Z

Weaknesses