What is CVE-2026-31883?

CVE-2026-31883 is a medium-severity vulnerability in Freerdp, classified under Integer Underflow. CVSS score: 6.5/10. Published 2026-03-13.

How severe is CVE-2026-31883?

Medium severity. CVSS v3 base score is 6.5 out of 10.

Buffer overflow in Freerdp

CVE-2026-31883

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, a size_t underflow in the IMA-ADPCM and MS-ADPCM audio decoders leads to heap-buffer-overflow write via the RDPSND audio channel. In libfreerdp/codec/dsp.c…

EPSS: 0.001 (21.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N.

Affected products

Freerdp — versions < 3.24.0

Weakness classification (CWE)

References

https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-85x9-4xxp-xhm5 (x_refsource_CONFIRM)
https://github.com/FreeRDP/FreeRDP/commit/16df2300e1e3f5a51f68fb1626429e58b531b7c8 (x_refsource_MISC)

Frequently asked questions

What is CVE-2026-31883?: CVE-2026-31883 is a medium-severity vulnerability in Freerdp, classified under Integer Underflow. CVSS score: 6.5/10. Published 2026-03-13.
How severe is CVE-2026-31883?: Medium severity. CVSS v3 base score is 6.5 out of 10.