Out-of-bounds Read in Neutrinolabs Xrdp

CVE-2026-33516

xrdp is an open source RDP server. Versions through 0.10.5 contain an out-of-bounds read vulnerability during the RDP capability exchange phase. The issue occurs when memory is accessed before validating the remaining buffer length. A remo…

Vulnerability class: Buffer Overflow

EPSS: 0.001 (30.0th percentile)
