Critical DoS and Information Disclosure Vulnerabilities in FreeRDP for Fedora

Critical DoS and Information Disclosure Vulnerabilities in FreeRDP for Fedora

First seen 15 Jul 2026, 08:28 UTC Linuxsecurity 97% similarity 70.5

Article Content

Browse articles
ThreatCluster

On July 10, 2026, three critical vulnerabilities (CVE-2026-57156, CVE-2026-57157, CVE-2026-57158) were published affecting FreeRDP, a remote desktop protocol library used in Fedora systems. These vulnerabilities allow for arbitrary code execution, denial of service, and information disclosure through various attack vectors. Specifically, CVE-2026-57156 involves an integer overflow in RDP message processing, while CVE-2026-57157 and CVE-2026-57158 relate to out-of-bounds reads and truncated payloads. The vulnerabilities were patched in FreeRDP version 3.28.0, released on July 13, 2026. Users are advised to update their systems using the provided dnf command to mitigate these risks. The vulnerabilities affect all Fedora users utilizing FreeRDP, posing a significant threat to system integrity and confidentiality.

Key Points: • Three critical vulnerabilities in FreeRDP were published on July 10, 2026. • CVE-2026-57156 allows arbitrary code execution, while CVE-2026-57157 and CVE-2026-57158 lead to denial of service and information disclosure. • Fedora users are urged to update to FreeRDP version 3.28.0 to mitigate these vulnerabilities.

ThreatCluster AI

Timeline

2026-07-10
CVE-2026-57156 published
CVE-2026-57156 details an integer overflow vulnerability in RDP message processing, allowing arbitrary code execution.
Linuxsecurity
2026-07-10
CVE-2026-57157 published
CVE-2026-57157 describes an out-of-bounds read vulnerability leading to information disclosure and denial of service.
Linuxsecurity
2026-07-10
CVE-2026-57158 published
CVE-2026-57158 involves information disclosure via truncated RDPGFX planar payload.
Linuxsecurity
2026-07-13
FreeRDP version 3.28.0 released
An update to FreeRDP version 3.28.0 was released, addressing the critical vulnerabilities.
Linuxsecurity

Community

Browse all →