Red Hat Security Advisory: freerdp security update
Multiple vulnerabilities have been identified in FreeRDP, a free implementation of the Remote Desktop Protocol client used in Red Hat Enterprise Linux 9. 0. These include denial of service issues due to use-after-free, double free, endless blocking loops, and crafted audio data, as well as memory corruption vulnerabilities such as heap-buffer overflow and out-of-bounds reads. Additionally, there are vulnerabilities causing division-by-zero errors and information disclosure via heap memory out-of-bounds reads. Red Hat has issued a security advisory (RHSA-2026:16485) addressing these issues with updated packages for affected versions. The overall security impact is rated as moderate. No known exploits in the wild have been reported at this time.
AI Analysis
Technical Summary
Red Hat Product Security released an advisory for FreeRDP vulnerabilities affecting Red Hat Enterprise Linux 9.0. The vulnerabilities include denial of service caused by use-after-free (CVE-2026-25952), double free during disconnect (CVE-2026-26986), endless blocking loop (CVE-2026-27951), heap-buffer overflow via out-of-bounds cacheId (CVE-2026-29775), out-of-bounds read in ADPCM decoders due to missing bounds checks (CVE-2026-31885), division-by-zero in ADPCM decoders when nBlockAlign is zero (CVE-2026-31884), denial of service via crafted audio data (CVE-2026-31883), and information disclosure via heap memory out-of-bounds read (CVE-2026-33985). These vulnerabilities affect the freerdp-2.4.1-3.el9_0.7 package and related libraries on multiple architectures. Red Hat has provided updated packages to remediate these issues.
Potential Impact
The vulnerabilities collectively can lead to denial of service conditions, memory corruption, and information disclosure when using the FreeRDP client. These issues may cause application crashes, resource exhaustion, or unintended leakage of heap memory contents. No evidence of active exploitation is reported. The impact is considered moderate by Red Hat.
Mitigation Recommendations
Red Hat has released updated freerdp packages addressing all listed vulnerabilities as part of advisory RHSA-2026:16485. Users of affected Red Hat Enterprise Linux 9.0 versions should apply these updates promptly following Red Hat's published guidance at https://access.redhat.com/articles/11258. No additional mitigation steps are indicated by the vendor advisory.
Red Hat Security Advisory: freerdp security update
Description
Multiple vulnerabilities have been identified in FreeRDP, a free implementation of the Remote Desktop Protocol client used in Red Hat Enterprise Linux 9. 0. These include denial of service issues due to use-after-free, double free, endless blocking loops, and crafted audio data, as well as memory corruption vulnerabilities such as heap-buffer overflow and out-of-bounds reads. Additionally, there are vulnerabilities causing division-by-zero errors and information disclosure via heap memory out-of-bounds reads. Red Hat has issued a security advisory (RHSA-2026:16485) addressing these issues with updated packages for affected versions. The overall security impact is rated as moderate. No known exploits in the wild have been reported at this time.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
Red Hat Product Security released an advisory for FreeRDP vulnerabilities affecting Red Hat Enterprise Linux 9.0. The vulnerabilities include denial of service caused by use-after-free (CVE-2026-25952), double free during disconnect (CVE-2026-26986), endless blocking loop (CVE-2026-27951), heap-buffer overflow via out-of-bounds cacheId (CVE-2026-29775), out-of-bounds read in ADPCM decoders due to missing bounds checks (CVE-2026-31885), division-by-zero in ADPCM decoders when nBlockAlign is zero (CVE-2026-31884), denial of service via crafted audio data (CVE-2026-31883), and information disclosure via heap memory out-of-bounds read (CVE-2026-33985). These vulnerabilities affect the freerdp-2.4.1-3.el9_0.7 package and related libraries on multiple architectures. Red Hat has provided updated packages to remediate these issues.
Potential Impact
The vulnerabilities collectively can lead to denial of service conditions, memory corruption, and information disclosure when using the FreeRDP client. These issues may cause application crashes, resource exhaustion, or unintended leakage of heap memory contents. No evidence of active exploitation is reported. The impact is considered moderate by Red Hat.
Mitigation Recommendations
Red Hat has released updated freerdp packages addressing all listed vulnerabilities as part of advisory RHSA-2026:16485. Users of affected Red Hat Enterprise Linux 9.0 versions should apply these updates promptly following Red Hat's published guidance at https://access.redhat.com/articles/11258. No additional mitigation steps are indicated by the vendor advisory.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_security_advisory
- Csaf Version
- 2.0
- Publisher
- Red Hat Product Security
- Advisory Id
- RHSA-2026:16485
- Cve Count
- 8
- Additional Cves
- ["CVE-2026-26986","CVE-2026-27951","CVE-2026-29775","CVE-2026-31883","CVE-2026-31884","CVE-2026-31885","CVE-2026-33985"]
- Cvss Version
- null
Threat ID: 6a16097ee29bf47b5064a67a
Added to database: 5/26/2026, 8:58:38 PM
Last enriched: 5/26/2026, 10:37:32 PM
Last updated: 5/27/2026, 4:56:43 AM
Views: 2
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.