Ecosystem	Package	Version

Vulnerabilities

CVE-2026-24680

CVE-2026-24680

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, sdl_Pointer_New frees data on failure, then pointer_free calls sdl_Pointer_Free and frees it again, triggering ASan UAF. This vulnerability is fixed in 3.22.0.

Published Feb 10, 2026

https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-j893-9wg8-33rc

CVSS ScoreHigh

7.5

Ecosystem	Package	Version


nuget	FreeRDP	2.0.0.10
nuget	FreeRDP	2.0.0.11
nuget	FreeRDP	2.0.0.12
nuget	FreeRDP	2.0.0.13
nuget	FreeRDP	2.0.0.1
nuget	FreeRDP	2.0.0.2
nuget	FreeRDP	2.0.0.3
nuget	FreeRDP	2.0.0.4
nuget	FreeRDP	2.0.0.5
nuget	FreeRDP	2.0.0.6
nuget	FreeRDP	2.0.0.7
nuget	FreeRDP	2.0.0.8
nuget	FreeRDP	2.0.0.9
nuget	FreeRDP	2.0.0
rpm	freerdp	1.0.2-1.el5
rpm	freerdp	1.0.2-1.el6
rpm	freerdp	1.0.2-10.el7
rpm	freerdp	1.0.2-15.el7
rpm	freerdp	1.0.2-15.el7_6.1
rpm	freerdp	1.0.2-2.el6
rpm	freerdp	1.0.2-5.el6
rpm	freerdp	1.0.2-5.el7
rpm	freerdp	1.0.2-5.el7_1.1
rpm	freerdp	1.0.2-6.el6
rpm	freerdp	1.0.2-6.el7_2.1
rpm	freerdp	1.0.2-7.el6_10
rpm	freerdp	2.0.0-1.rc4.el7
rpm	freerdp	2.0.0-2.rc4.el7_8
rpm	freerdp	2.0.0-4.rc4.el7_8.1
rpm	freerdp	2.0.0-4.rc4.el7_8
rpm	freerdp	2.1.1-2.el7
rpm	freerdp	2.1.1-5.el7_9
rpm	freerdp	2
rpm	freerdp-devel	1.0.2-1.el5
rpm	freerdp-devel	1.0.2-1.el6
rpm	freerdp-devel	1.0.2-10.el7
rpm	freerdp-devel	1.0.2-15.el7
rpm	freerdp-devel	1.0.2-15.el7_6.1
rpm	freerdp-devel	1.0.2-2.el6
rpm	freerdp-devel	1.0.2-5.el6
rpm	freerdp-devel	1.0.2-5.el7
rpm	freerdp-devel	1.0.2-5.el7_1.1
rpm	freerdp-devel	1.0.2-6.el6
rpm	freerdp-devel	1.0.2-6.el7_2.1
rpm	freerdp-devel	1.0.2-7.el6_10
rpm	freerdp-devel	2.0.0-1.rc4.el7
rpm	freerdp-devel	2.0.0-2.rc4.el7_8
rpm	freerdp-devel	2.0.0-4.rc4.el7_8.1
rpm	freerdp-devel	2.0.0-4.rc4.el7_8
rpm	freerdp-devel	2.1.1-2.el7

CVE-2026-24680 | Components Impacted | Sonatype Guide | Sonatype Guide