CVE-2026-32623: CWE-122: Heap-based Buffer Overflow in neutrinolabs xrdp
xrdp is an open source RDP server. Versions through 0.10.5 contain a heap-based buffer overflow vulnerability in the NeutrinoRDP module. When proxying RDP sessions from xrdp to another server, the module fails to properly validate the size of reassembled fragmented virtual channel data against its allocated memory buffer. A malicious downstream RDP server (or an attacker capable of performing a Man-in-the-Middle attack) could exploit this flaw to cause memory corruption, potentially leading to a Denial of Service (DoS) or Remote Code Execution (RCE). The NeutrinoRDP module is not built by default. This vulnerability only affects environments where the module has been explicitly compiled and enabled. Users can verify if the module is built by checking for --enable-neutrinordp in the output of the xrdp -v command. This issue has been fixed in version 0.10.6.
AI Analysis
Technical Summary
The vulnerability in neutrinolabs xrdp (CVE-2026-32623) is a heap-based buffer overflow in the NeutrinoRDP module affecting versions before 0.10.6. It arises from inadequate size validation of fragmented virtual channel data during RDP session proxying, which can be exploited by a malicious downstream RDP server or a man-in-the-middle attacker to cause memory corruption. This may lead to denial of service or remote code execution. The NeutrinoRDP module must be explicitly enabled (via --enable-neutrinordp) for the vulnerability to be present. The issue is resolved in version 0.10.6.
Potential Impact
Successful exploitation can cause memory corruption resulting in denial of service or remote code execution on affected systems running xrdp with the NeutrinoRDP module enabled. Systems not using this module are not affected. There are no known exploits in the wild at this time.
Mitigation Recommendations
Upgrade xrdp to version 0.10.6 or later, where this vulnerability is fixed. Verify if the NeutrinoRDP module is enabled by checking for --enable-neutrinordp in the output of 'xrdp -v'. If the module is not enabled, the system is not vulnerable. Patch status is not explicitly stated as 'official-fix' in the vendor advisory, but the description confirms the issue is fixed in version 0.10.6. Therefore, applying this update is the recommended remediation.
CVE-2026-32623: CWE-122: Heap-based Buffer Overflow in neutrinolabs xrdp
Description
xrdp is an open source RDP server. Versions through 0.10.5 contain a heap-based buffer overflow vulnerability in the NeutrinoRDP module. When proxying RDP sessions from xrdp to another server, the module fails to properly validate the size of reassembled fragmented virtual channel data against its allocated memory buffer. A malicious downstream RDP server (or an attacker capable of performing a Man-in-the-Middle attack) could exploit this flaw to cause memory corruption, potentially leading to a Denial of Service (DoS) or Remote Code Execution (RCE). The NeutrinoRDP module is not built by default. This vulnerability only affects environments where the module has been explicitly compiled and enabled. Users can verify if the module is built by checking for --enable-neutrinordp in the output of the xrdp -v command. This issue has been fixed in version 0.10.6.
CVSS v4.0
Score 7.7high
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The vulnerability in neutrinolabs xrdp (CVE-2026-32623) is a heap-based buffer overflow in the NeutrinoRDP module affecting versions before 0.10.6. It arises from inadequate size validation of fragmented virtual channel data during RDP session proxying, which can be exploited by a malicious downstream RDP server or a man-in-the-middle attacker to cause memory corruption. This may lead to denial of service or remote code execution. The NeutrinoRDP module must be explicitly enabled (via --enable-neutrinordp) for the vulnerability to be present. The issue is resolved in version 0.10.6.
Potential Impact
Successful exploitation can cause memory corruption resulting in denial of service or remote code execution on affected systems running xrdp with the NeutrinoRDP module enabled. Systems not using this module are not affected. There are no known exploits in the wild at this time.
Mitigation Recommendations
Upgrade xrdp to version 0.10.6 or later, where this vulnerability is fixed. Verify if the NeutrinoRDP module is enabled by checking for --enable-neutrinordp in the output of 'xrdp -v'. If the module is not enabled, the system is not vulnerable. Patch status is not explicitly stated as 'official-fix' in the vendor advisory, but the description confirms the issue is fixed in version 0.10.6. Therefore, applying this update is the recommended remediation.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-03-12T15:29:36.558Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69e29327bdfbbecc5989501b
Added to database: 4/17/2026, 8:08:07 PM
Last enriched: 4/25/2026, 2:42:48 AM
Last updated: 6/1/2026, 9:31:53 PM
Views: 49
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.