Vulnerability - CVE-2026-24681

›

›vulnerability›CVE-2026-24681

Name

CVE-2026-24681

Source

NVD ( link)Debian ( link)

Description

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, aAsynchronous bulk transfer completions can use a freed channel callback after URBDRC channel close, leading to a use after free in urb_write_completion. This vulnerability is fixed in 3.22.0.

CWEs

Published Date

Feb 9, 2026

Updated Date

Jun 17, 2026

Workaround

-

Advisories

https://github.com/FreeRDP/FreeRDP/commit/414f701464929c217f2509bcbd6d2c1f00f7ed73Patch

https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-ccvv-hg2w-6x9jPatch

Analysis#

Affected Component

Analysis

Vulnerability Ratings#

8.7

CVSSv4

7.5

CVSSv31

NaN

other

Others affected components#

Name

Project

Project Version

Version

Status

buildroot

2025.02.x

2.11.8

Patched

buildroot

master

2.11.8

Patched

yocto

kirkstone

2.6.1

Exploitable

yocto

master

2.11.8

Exploitable

yocto

master

3.26.0

Not Affected

Resolved with patches#

freerdp (buildroot:2025.02.x)

#

Title

Author

Resolve

1

[channels,urbdrc] cancel all usb transfers on channel close

akallabeth <akallabeth@posteo.net>

CVE-2026-24681

freerdp (buildroot:master)

#

Title

Author

Resolve

1

[channels,urbdrc] cancel all usb transfers on channel close

akallabeth <akallabeth@posteo.net>

CVE-2026-24681

freerdp3 (yocto:scarthgap)

#

Title

Author

Resolve

1

[channels,urbdrc] cancel all usb transfers on channel close

akallabeth <akallabeth@posteo.net>

CVE-2026-24681