Double free in FreeRDP - #VU136922
Published: July 6, 2026
FreeRDP
Detailed vulnerability description
The vulnerability allows a remote attacker to cause memory corruption.
The vulnerability exists due to double free in freerdp_client_rdp_file_apply_to_settings() when parsing a crafted selectedmonitors field in a .rdp file. A remote attacker can trick the victim into opening a crafted .rdp file to cause memory corruption.
User interaction is required to open the crafted connection file, and the issue is reachable in the default configuration of the FreeRDP CLI clients.