Critical xrdp Vulnerabilities in Fedora 44 and 42 Require Immediate Attention
Severity: High (Score: 72.9)
Sources: Linuxsecurity
Summary
A critical security update for Fedora 44 addresses multiple vulnerabilities in xrdp: CVE-2026-32105, CVE-2026-32107, CVE-2026-32623, CVE-2026-32624, CVE-2026-33145, CVE-2026-33516, CVE-2026-33689, and CVE-2026-35512. These vulnerabilities allow remote code execution, privilege escalation, and denial of service. The flaws are particularly concerning because they affect a widely used RDP server that is compatible with many clients, including FreeRDP and the Microsoft RDP client. The vulnerabilities were published on April 17, 2026, and are fixed in the latest updates. Users are advised to apply the patches immediately to mitigate potential exploitation. The issues affect xrdp versions prior to 0.10.6. The update also includes bug fixes and new features aimed at improving functionality. Organizations running affected versions are at risk of significant security breaches if they do not update promptly.

Key Points:
- Multiple critical vulnerabilities in xrdp affect Fedora 44 and 42.
- CVE-2026-32105 and CVE-2026-32107 allow privilege escalation and data integrity issues.
- Immediate patching is required to prevent remote code execution and denial of service attacks.
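The summary names 0.10.6 as the first xrdp release that is not affected. The following shell script is an added example (not part of the advisory or of the xrdp or Fedora projects) that reads the installed xrdp RPM version and reports whether it sorts below that fixed version; the function names and the `FIXED_XRDP_VERSION` constant are this example's own choices.

```shell
#!/bin/sh
# Added example, not part of the advisory: report whether the installed xrdp
# package is older than the fixed release named in the summary (0.10.6).
FIXED_XRDP_VERSION="0.10.6"

# xrdp_is_vulnerable VERSION
# Returns 0 (true) when VERSION sorts strictly before FIXED_XRDP_VERSION,
# 1 when it is equal or newer, 2 when no version was given.
# Uses GNU sort -V so that 0.9.27 is correctly treated as older than 0.10.6.
xrdp_is_vulnerable() {
    installed="$1"
    [ -n "$installed" ] || return 2
    [ "$installed" = "$FIXED_XRDP_VERSION" ] && return 1
    lowest=$(printf '%s\n%s\n' "$installed" "$FIXED_XRDP_VERSION" | sort -V | head -n 1)
    [ "$lowest" = "$installed" ]
}

# installed_xrdp_version
# Prints the version of the installed xrdp RPM, or nothing when the package
# (or the rpm tool itself) is absent.
installed_xrdp_version() {
    rpm -q --qf '%{VERSION}\n' xrdp 2>/dev/null | grep -v 'not installed'
}

main() {
    ver=$(installed_xrdp_version)
    if [ -z "$ver" ]; then
        echo "xrdp is not installed on this host"
        return 0
    fi
    if xrdp_is_vulnerable "$ver"; then
        echo "xrdp $ver is older than $FIXED_XRDP_VERSION: apply the Fedora update (e.g. dnf upgrade xrdp)"
        return 1
    fi
    echo "xrdp $ver is at or above $FIXED_XRDP_VERSION"
}

main "$@"
```

The version comparison is a first-pass triage check, not proof of exposure: a distribution may backport fixes to a package whose upstream version string stays below 0.10.6, so confirm against the advisory's package identifiers in the distribution's update metadata before treating a host as unpatched or as safe.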
Key Entities
- DDoS (attack_type)
- CVE-2026-32105 (cve)
- CVE-2026-32107 (cve)
- CVE-2026-32623 (cve)
- CVE-2026-32624 (cve)
- CVE-2026-33145 (cve)
- CWE-122 - Heap-based Buffer Overflow (cwe)
- CWE-269 - Improper Privilege Management (cwe)
- CWE-78 - OS Command Injection (cwe)
- T1059 - Command and Scripting Interpreter (mitre_attack)
- T1068 - Exploitation for Privilege Escalation (mitre_attack)
- Fedora (company)
- FreeRDP (platform)
- Microsoft RDP Client (platform)
- xrdp (platform)
- VNC (tool)