Vulnerability in Neutrinolabs Xrdp
CVE-2026-32105
xrdp is an open source RDP server. In versions through 0.10.5, xrdp does not implement verification for the Message Authentication Code (MAC) signature of encrypted RDP packets when using the "Classic RDP Security" layer. While the sender…
EPSS: 0.000 (15.4th percentile)
Affected products
- Neutrinolabs Xrdp — versions < 0.10.6
Weakness classification (CWE)
References
- https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-j2jm-c596-c5q3 (x_refsource_CONFIRM)
- https://github.com/neutrinolabs/xrdp/releases/tag/v0.10.6 (x_refsource_MISC)