Improper Certificate Validation in FreeRDP - #VU137821
Published: July 16, 2026
FreeRDP
Detailed vulnerability description
The vulnerability allows a remote attacker to bypass TLS server identity validation.
The vulnerability exists due to improper certificate validation in tls_verify_certificate() when verifying certificates where the Common Name matches but DNS subject alternative name entries are present and non-matching. A remote attacker can present a specially crafted certificate to bypass TLS server identity validation.
Exploitation requires a certificate chain trusted by the FreeRDP client.