Vulnerability in FreeRDP
CVE-2026-33952
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, an unvalidated auth_length field read from the network triggers a WINPR_ASSERT() failure in rts_read_auth_verifier_no_checks(), causing any FreeRDP c…
EPSS: 0.001 (32.3rd percentile)
Affected products
- FreeRDP — versions < 3.24.2
Weakness classification (CWE)
References
- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4v4p-9v5x-hc93 (x_refsource_CONFIRM)
- https://github.com/FreeRDP/FreeRDP/commit/4ac0b6467d371a1ad47c1f751c5b305e4c068adb (x_refsource_MISC)