Xrdp

This hub aggregates every CVE we track for Xrdp, a product in the operating systems space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Xrdp.

• CVE-2026-35512xrdp: Heap buffer overflow in EGFX channel8.8Apr 17, 2026
• CVE-2026-33689xrdp: Pre-authentication out-of-bounds reads in channel parsers9.1Apr 17, 2026
• CVE-2026-33145xrdp: Authenticated RCE via unsanitized AlternateShell execution in xrdp-sesman6.3Apr 17, 2026
• CVE-2026-32624xrdp: Heap buffer overflow in xrdp_sec_process_logon_info() via incorrect g_strncat length calculation6.5Apr 17, 2026
• CVE-2026-33516xrdp: Pre-authentication out-of-bounds reads in RDP capability and channel parsers9.1Apr 17, 2026
• CVE-2026-32623xrdp: Heap buffer overflow in NeutrinoRDP channel reassembly8.1Apr 17, 2026
• CVE-2026-32105xrdp: RDP MAC signature (dataSignature) never verified on receive — integrity bypass in non-TLS mode7.7Apr 17, 2026
• CVE-2026-32107xrdp: Fail-open privilege drop in sesexec — child processes may execute as root if setuid fails8.8Apr 17, 2026
• CVE-2025-68670xrdp improperly checks bounds of domain string length, which leads to Stack-based Buffer Overflow9.1Jan 27, 2026
• CVE-2024-39917xrdp allows an ininite number of login attempts7.2Jul 12, 2024
• CVE-2023-42822Unchecked access to font glyph info in xrdp4.6Sep 27, 2023
• CVE-2023-40184Improper handling of session establishment errors in xrdp2.6Aug 30, 2023
• CVE-2022-23477Buffer Overflow in xrdp9.1Dec 9, 2022
• CVE-2022-23484Integer Overflow in xrdp8.2Dec 9, 2022
• CVE-2022-23483Out-of-Bound Read in libxrdp7.5Dec 9, 2022