Infinite loop in xrdp - CVE-2026-54538
Published: July 2, 2026
xrdp
Detailed vulnerability description
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to an infinite loop in RDP packet processing when handling a specially crafted RDP packet with an invalid totalLength field. A remote attacker can send a specially crafted packet to cause a denial of service.
By causing the internal pointer not to advance for specific protocol data unit types, the issue can lead to sustained CPU consumption and service unavailability. Multiple malicious connections may contribute to system-wide resource exhaustion.