CVE 8.7 HIGH

FreeRDP has a Heap-use-after-free in play_thread_CVE-2026-24684

February 9, 2026 invoker category_cve

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Description

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, the RDPSND async playback thread can process queued PDUs after the channel is closed and internal state is freed, leading to a use after free in rdpsnd_treat_wave. This vulnerability is fixed in 3.22.0.

AI Analysis

Heap-use-after-free vulnerability in the RDPSND async playback thread

Basic Information

ID CVE-2026-24684

Source GitHub_M

Published Feb 9, 2026 at 18:23

Affected Product

Vendor FreeRDP

Product FreeRDP

Version < 3.22.0

Affected Versions FreeRDP FreeRDP < 3.22.0

CWE Classification

CWE-416

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor FreeRDP

Product FreeRDP

Version < 3.22.0

References

{
    "lastseen": "",
    "description": "FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, the RDPSND async playback thread can process queued PDUs after the channel is closed and internal state is freed, leading to a use after free in rdpsnd_treat_wave. This vulnerability is fixed in 3.22.0.",
    "published": "2026-02-09T18:23:02.882Z",
    "modified": "2026-02-09T18:23:02.882Z",
    "type": "cve",
    "title": "FreeRDP has a Heap-use-after-free in play_thread",
    "source": "GitHub_M",
    "references": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-vcgv-xgjp-h83q\nhttps://github.com/FreeRDP/FreeRDP/commit/622bb7b4402491ca003f47472d0e478132673696\nhttps://github.com/FreeRDP/FreeRDP/commit/afa6851dc80835d3101e40fcef51b6c5c0f43ea5",
    "id": "CVE-2026-24684",
    "bulletinFamily": "",
    "cwe": [
        "CWE-416"
    ],
    "cvelist": null,
    "sourceData": "FreeRDP FreeRDP < 3.22.0",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "FreeRDP",
    "version": "< 3.22.0",
    "vendor": "FreeRDP",
    "ai_description": "Heap-use-after-free vulnerability in the RDPSND async playback thread",
    "ai_severity": "High",
    "ai_vendor": "FreeRDP",
    "ai_product": "FreeRDP",
    "ai_version": "< 3.22.0",
    "ai_score": 8.7
}

💭 Join the Security Discussion ❌ Cancel Reply