Heap-based buffer overflow in xrdp - CVE-2026-44178
Published: July 2, 2026
xrdp
Detailed vulnerability description
The vulnerability allows a remote user to execute arbitrary code or cause a denial of service.
The vulnerability exists due to heap-based buffer overflow in the virtual channel forwarding mechanism when forwarding data from a remote client to the internal channel server. A remote user can send a specially crafted virtual channel message that exceeds the buffer capacity to execute arbitrary code or cause a denial of service.