CVE-2026-32623: CWE-122: Heap-based Buffer Overflow in neutrinolabs xrdp
xrdp is an open source RDP server. Versions through 0.10.5 contain a heap-based buffer overflow vulnerability in the NeutrinoRDP module. When proxying RDP sessions from xrdp to another server, the module fails to properly validate the size of reassembled fragmented virtual channel data against its allocated memory buffer. A malicious downstream RDP server (or an attacker capable of performing a Man-in-the-Middle attack) could exploit this flaw to cause memory corruption, potentially leading to a Denial of Service (DoS) or Remote Code Execution (RCE). The NeutrinoRDP module is not built by default. This vulnerability only affects environments where the module has been explicitly compiled and enabled. Users can verify if the module is built by checking for --enable-neutrinordp in the output of the xrdp -v command. This issue has been fixed in version 0.10.6.
AI Analysis
Technical Summary
xrdp versions before 0.10.6 that have the NeutrinoRDP module enabled are vulnerable to a heap-based buffer overflow (CWE-122) due to improper validation of reassembled fragmented virtual channel data size during RDP session proxying. This can be exploited by a malicious downstream RDP server or an attacker capable of man-in-the-middle attacks to cause memory corruption, leading to denial of service or remote code execution. The NeutrinoRDP module is not enabled by default and must be explicitly compiled with the --enable-neutrinordp option. The vulnerability has been addressed in version 0.10.6.
Potential Impact
Successful exploitation can cause memory corruption resulting in denial of service or remote code execution on affected systems running xrdp with the NeutrinoRDP module enabled. The vulnerability requires either control of a downstream RDP server or a man-in-the-middle position to exploit. Systems without the NeutrinoRDP module enabled are not affected.
Mitigation Recommendations
Upgrade xrdp to version 0.10.6 or later where this vulnerability is fixed. Verify if the NeutrinoRDP module is enabled by checking for --enable-neutrinordp in the output of 'xrdp -v'. If the module is not enabled, the system is not vulnerable. No other mitigation is specified in the vendor advisory. Patch status is not explicitly stated but the fix is included in version 0.10.6.
CVE-2026-32623: CWE-122: Heap-based Buffer Overflow in neutrinolabs xrdp
Description
xrdp is an open source RDP server. Versions through 0.10.5 contain a heap-based buffer overflow vulnerability in the NeutrinoRDP module. When proxying RDP sessions from xrdp to another server, the module fails to properly validate the size of reassembled fragmented virtual channel data against its allocated memory buffer. A malicious downstream RDP server (or an attacker capable of performing a Man-in-the-Middle attack) could exploit this flaw to cause memory corruption, potentially leading to a Denial of Service (DoS) or Remote Code Execution (RCE). The NeutrinoRDP module is not built by default. This vulnerability only affects environments where the module has been explicitly compiled and enabled. Users can verify if the module is built by checking for --enable-neutrinordp in the output of the xrdp -v command. This issue has been fixed in version 0.10.6.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
xrdp versions before 0.10.6 that have the NeutrinoRDP module enabled are vulnerable to a heap-based buffer overflow (CWE-122) due to improper validation of reassembled fragmented virtual channel data size during RDP session proxying. This can be exploited by a malicious downstream RDP server or an attacker capable of man-in-the-middle attacks to cause memory corruption, leading to denial of service or remote code execution. The NeutrinoRDP module is not enabled by default and must be explicitly compiled with the --enable-neutrinordp option. The vulnerability has been addressed in version 0.10.6.
Potential Impact
Successful exploitation can cause memory corruption resulting in denial of service or remote code execution on affected systems running xrdp with the NeutrinoRDP module enabled. The vulnerability requires either control of a downstream RDP server or a man-in-the-middle position to exploit. Systems without the NeutrinoRDP module enabled are not affected.
Mitigation Recommendations
Upgrade xrdp to version 0.10.6 or later where this vulnerability is fixed. Verify if the NeutrinoRDP module is enabled by checking for --enable-neutrinordp in the output of 'xrdp -v'. If the module is not enabled, the system is not vulnerable. No other mitigation is specified in the vendor advisory. Patch status is not explicitly stated but the fix is included in version 0.10.6.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-03-12T15:29:36.558Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69e29327bdfbbecc5989501b
Added to database: 4/17/2026, 8:08:07 PM
Last enriched: 4/17/2026, 8:23:24 PM
Last updated: 4/18/2026, 6:20:41 AM
Views: 11
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.