Out-of-bounds Read in Neutrinolabs Xrdp

CVE-2026-33689

xrdp is an open source RDP server. Versions through 0.10.5 have an out-of-bounds read vulnerability in the pre-authentication RDP message parsing logic. A remote, unauthenticated attacker can trigger this flaw by sending a specially crafte…

Vulnerability class: Buffer Overflow

EPSS: 0.002 (39.6th percentile)

Affected products

Weakness classification (CWE)

References