This advisory covers eight distinct security vulnerabilities in FreeRDP versions shipped with Red Hat Enterprise Linux 8.6 variants. The vulnerabilities include denial of service conditions due to use-after-free (CVE-2026-25952), double free during disconnect (CVE-2026-26986), and an endless blocking loop in Stream_EnsureCapacity (CVE-2026-27951). Memory safety issues include a heap-buffer-overflow in bitmap_cache_put (CVE-2026-29775), out-of-bounds read in ADPCM decoders due to missing bounds checks (CVE-2026-31885), and division-by-zero in ADPCM decoders when nBlockAlign is zero (CVE-2026-31884). There is also a denial of service via crafted audio data (CVE-2026-31883) and an information disclosure via heap memory out-of-bounds read (CVE-2026-33985). Red Hat has released updated freerdp packages to address these vulnerabilities as part of RHSA-2026:16814.

The vulnerabilities collectively allow an attacker to cause denial of service conditions, potentially crashing or hanging the FreeRDP client, and in one case, disclose information via out-of-bounds heap memory reads. These issues could disrupt remote desktop sessions or leak sensitive memory contents. No evidence of active exploitation is reported. The impact is rated moderate by Red Hat, reflecting the denial of service and information disclosure risks but no direct remote code execution or privilege escalation is indicated.

Red Hat has released updated freerdp packages for Red Hat Enterprise Linux 8.6 variants that address all listed vulnerabilities. Users should apply these official patches promptly to remediate the issues. For detailed update instructions, refer to the Red Hat advisory RHSA-2026:16814 and the linked article https://access.redhat.com/articles/11258. No additional mitigation steps are indicated by the vendor advisory.