What is CVE-2026-33985?

CVE-2026-33985 is a medium-severity vulnerability in Freerdp, classified under Out-of-bounds Read. CVSS score: 5.9/10. Published 2026-03-30.

How severe is CVE-2026-33985?

Medium severity. CVSS v3 base score is 5.9 out of 10.

Out-of-bounds Read in Freerdp

CVE-2026-33985

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, pixel data from adjacent heap memory is rendered to screen, potentially leaking sensitive data to the attacker. This issue has been patched in versio…

Vulnerability class: Buffer Overflow

EPSS: 0.000 (14.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.9 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:L.

Affected products

Freerdp — versions < 3.24.2

Weakness classification (CWE)

References

https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-x6gr-8p7h-5h85 (x_refsource_CONFIRM)
https://github.com/FreeRDP/FreeRDP/commit/c49d1ad43b8c7b32794d0250f2623c2dccd7ef25 (x_refsource_MISC)

Frequently asked questions

What is CVE-2026-33985?: CVE-2026-33985 is a medium-severity vulnerability in Freerdp, classified under Out-of-bounds Read. CVSS score: 5.9/10. Published 2026-03-30.
How severe is CVE-2026-33985?: Medium severity. CVSS v3 base score is 5.9 out of 10.