Buffer overflow in Neutrinolabs Xrdp

CVE-2026-32624

xrdp is an open source RDP server. Versions through 0.10.5 contain a heap-based buffer overflow vulnerability in its logon processing. In environments where domain_user_separator is configured in xrdp.ini, an unauthenticated remote attacke…

Vulnerability class: Buffer Overflow

EPSS: 0.001 (29.1th percentile)
