Buffer overflow in Neutrinolabs Xrdp

CVE-2026-32623

xrdp is an open source RDP server. Versions through 0.10.5 contain a heap-based buffer overflow vulnerability in the NeutrinoRDP module. When proxying RDP sessions from xrdp to another server, the module fails to properly validate the size…

Vulnerability class: Buffer Overflow

EPSS: 0.003 (51.5th percentile) — read the EPSS interpretation.

Affected products

Neutrinolabs Xrdp — versions < 0.10.6

Weakness classification (CWE)

CWE-122 — Heap-based Buffer Overflow

References

https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-phw3-qp59-x2v4 (x_refsource_CONFIRM)
https://github.com/neutrinolabs/xrdp/releases/tag/v0.10.6 (x_refsource_MISC)