Out-of-bounds Read in Freerdp

CVE-2026-22858

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, global-buffer-overflow was observed in FreeRDP's Base64 decoding path. The root cause appears to be implementation-defined char signedness: on Arm/AArch64 bu…

Vulnerability class: Buffer Overflow

EPSS: 0.001 (29.8th percentile) — read the EPSS interpretation.

Affected products

Freerdp — versions < 3.20.1

Weakness classification (CWE)

References

https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-qmqf-m84q-x896 (x_refsource_CONFIRM)
https://github.com/FreeRDP/FreeRDP/releases/tag/3.20.1 (x_refsource_MISC)