What is CVE-2026-32107?

CVE-2026-32107 is a high-severity vulnerability in Neutrinolabs Xrdp, classified under Improper Check for Dropped Privileges. CVSS score: 8.8/10. Published 2026-04-17.

How severe is CVE-2026-32107?

High severity. CVSS v3 base score is 8.8 out of 10.

Vulnerability in Neutrinolabs Xrdp

CVE-2026-32107

xrdp is an open source RDP server. In versions through 0.10.5, the session execution component did not properly handle an error during the privilege drop process. This improper privilege management could allow an authenticated local attack…

EPSS: 0.000 (6.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H.

Affected products

Neutrinolabs Xrdp — versions < 0.10.6

Weakness classification (CWE)

CWE-273 — Improper Check for Dropped Privileges

References

https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-p5m6-7m43-pjv9 (x_refsource_CONFIRM)
https://github.com/neutrinolabs/xrdp/releases/tag/v0.10.6 (x_refsource_MISC)

Frequently asked questions

What is CVE-2026-32107?: CVE-2026-32107 is a high-severity vulnerability in Neutrinolabs Xrdp, classified under Improper Check for Dropped Privileges. CVSS score: 8.8/10. Published 2026-04-17.
How severe is CVE-2026-32107?: High severity. CVSS v3 base score is 8.8 out of 10.