Vulnerability Details CVE-2026-35512
xrdp is an open source RDP server. Versions through 0.10.5 have a heap-based buffer overflow in the EGFX (graphics dynamic virtual channel) implementation due to insufficient validation of client-controlled size parameters, allowing an out-of-bounds write via crafted PDUs. Pre-authentication exploitation can crash the process, while post-authentication exploitation may achieve remote code execution. This issue has been fixed in version 0.10.6. If users are unable to immediately update, they should run xrdp as a non-privileged user (default since 0.10.2) to limit the impact of successful exploitation.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 75.1%
CVSS Severity
CVSS v3 Score 8.8
References
Products affected by CVE-2026-35512
-
cpe:2.3:a:neutrinolabs:xrdp:-
-
cpe:2.3:a:neutrinolabs:xrdp:0.10.0
-
cpe:2.3:a:neutrinolabs:xrdp:0.10.1
-
cpe:2.3:a:neutrinolabs:xrdp:0.10.2
-
cpe:2.3:a:neutrinolabs:xrdp:0.10.3
-
cpe:2.3:a:neutrinolabs:xrdp:0.10.4
-
cpe:2.3:a:neutrinolabs:xrdp:0.10.4.1
-
cpe:2.3:a:neutrinolabs:xrdp:0.10.5
-
cpe:2.3:a:neutrinolabs:xrdp:0.6.0
-
cpe:2.3:a:neutrinolabs:xrdp:0.6.1
-
cpe:2.3:a:neutrinolabs:xrdp:0.6.2
-
cpe:2.3:a:neutrinolabs:xrdp:0.8.0
-
cpe:2.3:a:neutrinolabs:xrdp:0.9.1
-
cpe:2.3:a:neutrinolabs:xrdp:0.9.10
-
cpe:2.3:a:neutrinolabs:xrdp:0.9.11
-
cpe:2.3:a:neutrinolabs:xrdp:0.9.12
-
cpe:2.3:a:neutrinolabs:xrdp:0.9.13
-
cpe:2.3:a:neutrinolabs:xrdp:0.9.13.1
-
cpe:2.3:a:neutrinolabs:xrdp:0.9.14
-
cpe:2.3:a:neutrinolabs:xrdp:0.9.15
-
cpe:2.3:a:neutrinolabs:xrdp:0.9.16
-
cpe:2.3:a:neutrinolabs:xrdp:0.9.17
-
cpe:2.3:a:neutrinolabs:xrdp:0.9.18
-
cpe:2.3:a:neutrinolabs:xrdp:0.9.18.1
-
cpe:2.3:a:neutrinolabs:xrdp:0.9.19
-
cpe:2.3:a:neutrinolabs:xrdp:0.9.2
-
cpe:2.3:a:neutrinolabs:xrdp:0.9.20
-
cpe:2.3:a:neutrinolabs:xrdp:0.9.21
-
cpe:2.3:a:neutrinolabs:xrdp:0.9.21.1
-
cpe:2.3:a:neutrinolabs:xrdp:0.9.22
-
cpe:2.3:a:neutrinolabs:xrdp:0.9.22.1
-
cpe:2.3:a:neutrinolabs:xrdp:0.9.23
-
cpe:2.3:a:neutrinolabs:xrdp:0.9.23.1
-
cpe:2.3:a:neutrinolabs:xrdp:0.9.24
-
cpe:2.3:a:neutrinolabs:xrdp:0.9.25
-
cpe:2.3:a:neutrinolabs:xrdp:0.9.25.1
-
cpe:2.3:a:neutrinolabs:xrdp:0.9.26
-
cpe:2.3:a:neutrinolabs:xrdp:0.9.27
-
cpe:2.3:a:neutrinolabs:xrdp:0.9.3
-
cpe:2.3:a:neutrinolabs:xrdp:0.9.3.1
-
cpe:2.3:a:neutrinolabs:xrdp:0.9.4
-
cpe:2.3:a:neutrinolabs:xrdp:0.9.4.
-
cpe:2.3:a:neutrinolabs:xrdp:0.9.5
-
cpe:2.3:a:neutrinolabs:xrdp:0.9.6
-
cpe:2.3:a:neutrinolabs:xrdp:0.9.7
-
cpe:2.3:a:neutrinolabs:xrdp:0.9.8
-
cpe:2.3:a:neutrinolabs:xrdp:0.9.9