Vulnerability - CVE-2026-24681

›

›vulnerability›CVE-2026-24681

Name

CVE-2026-24681

Source

NVD ( link)Debian ( link)

Description

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, aAsynchronous bulk transfer completions can use a freed channel callback after URBDRC channel close, leading to a use after free in urb_write_completion. This vulnerability is fixed in 3.22.0.

CWEs

Published Date

Feb 9, 2026

Updated Date

Jun 17, 2026

Workaround

-

Advisories

https://github.com/FreeRDP/FreeRDP/commit/414f701464929c217f2509bcbd6d2c1f00f7ed73Patch

https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-ccvv-hg2w-6x9jPatch

Analysis#

Affected Component

Analysis

Vulnerability Ratings#

8.7

CVSSv4

7.5

CVSSv31

NaN

other

Others affected components#

Name

Project

Project Version

Version

Status

buildroot

master

2.11.8

Patched

yocto

kirkstone

2.6.1

Exploitable

yocto

master

2.11.8

Exploitable

yocto

master

3.26.0

Not Affected

yocto

scarthgap

2.11.8

Exploitable

yocto

scarthgap

3.4.0

Patched

Resolved with patches#

freerdp (buildroot:2025.02.x)

#

Title

Author

Resolve

1

[channels,urbdrc] cancel all usb transfers on channel close

akallabeth <akallabeth@posteo.net>

CVE-2026-24681

freerdp (buildroot:master)

#

Title

Author

Resolve

1

[channels,urbdrc] cancel all usb transfers on channel close

akallabeth <akallabeth@posteo.net>

CVE-2026-24681

freerdp3 (yocto:scarthgap)

#

Title

Author

Resolve

1

[channels,urbdrc] cancel all usb transfers on channel close

akallabeth <akallabeth@posteo.net>

CVE-2026-24681