Integer overflow in xrdp - CVE-2026-41521
Published: July 2, 2026
xrdp
Detailed vulnerability description
The vulnerability allows a remote attacker to disclose sensitive information or cause a denial of service.
The vulnerability exists due to an integer overflow in screen update message processing in vnc-any mode when handling crafted image dimensions received from a VNC server. A remote attacker can send crafted screen update messages to disclose sensitive information or cause a denial of service.
Exploitation requires the vnc-any connection mode or another configuration that allows connections to arbitrary VNC hosts.
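The bug class described above, shown as an added example that is not xrdp's code: sizing a buffer from the 16-bit width and height in an RFB FramebufferUpdate rectangle header, first with 32-bit arithmetic that wraps, then with bounds and overflow checks. The function names, the framebuffer size and the `max_bytes` ceiling are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* RFB FramebufferUpdate rectangle header: x, y, width, height as big-endian
 * U16, followed by a 32-bit encoding type (12 bytes; encoding unused here). */
struct rfb_rect { uint16_t x, y, w, h; };

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

static void parse_rect(const uint8_t hdr[12], struct rfb_rect *r)
{
    r->x = be16(hdr);     r->y = be16(hdr + 2);
    r->w = be16(hdr + 4); r->h = be16(hdr + 6);
}

/* Unchecked pattern: the product is computed in 32 bits and silently wraps. */
static uint32_t raw_size_unchecked(const struct rfb_rect *r, uint32_t bytes_pp)
{
    return (uint32_t)r->w * r->h * bytes_pp;
}

/* Checked pattern: returns 0 and sets *out on success, -1 on rejection.
 * fb_w/fb_h are the framebuffer dimensions agreed at session start;
 * max_bytes is a hypothetical per-update allocation ceiling. */
static int raw_size_checked(const struct rfb_rect *r, uint32_t bytes_pp,
                            uint16_t fb_w, uint16_t fb_h,
                            size_t max_bytes, size_t *out)
{
    if (bytes_pp == 0 || bytes_pp > 4) return -1;
    if (r->w == 0 || r->h == 0) return -1;
    /* The rectangle must lie inside the framebuffer (sums are done in 32 bits). */
    if ((uint32_t)r->x + r->w > fb_w || (uint32_t)r->y + r->h > fb_h) return -1;
    /* A 64-bit product cannot overflow: 65535 * 65535 * 4 < 2^35. */
    uint64_t need = (uint64_t)r->w * r->h * bytes_pp;
    if (need > max_bytes) return -1;
    *out = (size_t)need;
    return 0;
}

int main(void)
{
    /* Constructed header: x=0, y=0, w=0x8000, h=0x8000, encoding 0 (Raw). */
    const uint8_t hdr[12] = {0, 0, 0, 0, 0x80, 0, 0x80, 0, 0, 0, 0, 0};
    struct rfb_rect r; size_t n = 0;
    parse_rect(hdr, &r);
    printf("unchecked=%u checked=%d\n", (unsigned)raw_size_unchecked(&r, 4),
           raw_size_checked(&r, 4, 1920, 1080, (size_t)16 << 20, &n));
    return 0;
}
```

With 4 bytes per pixel, a 0x8000 by 0x8000 rectangle needs 2^32 bytes, which the unchecked 32-bit product reports as 0.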